Mere days after the release of Microsoft’s latest browser (Internet Explorer 8), contestants at Pwn2Own tried to “pwn” browsers on several platforms. Day one saw IE8, Firefox and Safari exploited. Day two was uneventful, with no exploits of mobile platforms.
The only browser not exploited (so far) is Google’s Chrome. So, without any futher ado…
Update: March 20, 2009
It looks like the version of IE8 used at Pwn2Own may have not been the final release version. Microsoft has stated on their Security Research and Defense blog that “the final release of Internet Explorer 8 on Windows Vista blocks the .NET DEP+ASLR bypass mechanism from malicious websites on the Internet”. If I am understanding things correctly, the combination of the final release IE8 and Vista is quite secure. The Internet Storm Center questions whether IE8 would have been exploited had the competition been held a day later and the “Official” release been available.
Check out the links and decide for yourself if you’re going to install IE8.
