Edge the Big Loser at Pwn2Own

mlnews

http://www.tomshardware.com/news/pwn2own-2017-microsoft-edge-hacked,33940.html

Thanks to @Patrick for the link.

Son of Jor-El

nadnerB

So all those pesky pop ups on Windows 10 about Edge being safer than Chrome were lies?

lol
0_1490197828937_Like carpet bomb.jpg

DustinB3403

@nadnerB said in Edge the Big Loser at Pwn2Own:

So all those pesky pop ups on Windows 10 about being safer than Chrome were lies?

Windows and Chrome are not even in the same family.

JaredBusch

@nadnerB said in Edge the Big Loser at Pwn2Own:

So all those pesky pop ups on Windows 10 about being safer than Chrome were lies?

Alternative facts....

JaredBusch

@DustinB3403 said in Edge the Big Loser at Pwn2Own:

@nadnerB said in Edge the Big Loser at Pwn2Own:

So all those pesky pop ups on Windows 10 about being safer than Chrome were lies?

Windows and Chrome are not even in the same family.

The popups were in Windwos for Edge, not in Edge.

nadnerB

@DustinB3403 said in Edge the Big Loser at Pwn2Own:

@nadnerB said in Edge the Big Loser at Pwn2Own:

So all those pesky pop ups on Windows 10 about being safer than Chrome were lies?

Windows and Chrome are not even in the same family.

Obsolesce

The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from “360 Security.” The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape.
The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000.

I thought VMWare fixed the possibility of this from being possible? This is now the third time I've heard of VM escape on the VMWare platform.

mlnews

@Tim_G said in Edge the Big Loser at Pwn2Own:

The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from “360 Security.” The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape.
The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000.

I thought VMWare fixed the possibility of this from being possible? This is now the third time I've heard of VM escape on the VMWare platform.

I wonder who is tracking VM escape rates.