Skip to main content

Chrome, Edge and Safari all fall to hackers in Chinese contest

(Image credit: Shutterstock)

At the Tianfu Cup, an ethical hacking competition in Chengdu, China, some of the country’s top hackers attempted to find exploits in some of the world’s most popular software, and over the course of the two days the competition ran, Chrome, Safari and Edge were successfully hacked.

On the first day of the competition, which sees hackers trying to find zero-day exploits in return for cash prizes (and a certain degree of fame), 32 hacking sessions were held, of which 13 were successful.

Microsoft Edge, the web browser that comes with Windows 10, did worst, with three successful exploits found in a single day. That’s not a great look for Microsoft, but the company can take some solace in the fact that this was using the older version of Edge, running the EdgeHTML engine. Microsoft is working on a new version based on the Chromium engine, which will hopefully be more secure.

Having said that, Chrome, Google’s web browser which is also based on Chromium, fell victim to two successful hacks. Meanwhile, Safari, Apple’s browser, was subjected to one successful hack.

Day one of the Tianfu Cup, held on Saturday November 16, saw one successful hack of Office 365, two of Adobe PDF reader, three for the D-Link DIR-878 router and one for qemu-kvm + Ubuntu (a virtual machine built into the Linux kernel).

At the end of the first day, 360Vulcan, a team of ethical hackers that had previously won the Pwn2Own competition, was in the lead. They won $80,000 for hacking qemu-kvm + Ubuntu.

Second day results

The next day saw fewer successful hacking attempts. The D-Link DIR-878 router fell to four more attacks, Adobe PDF Reader had two successful hacks, and VMWare Workstation was hacked once.

At the end of the competition, 360Vulcan won, earning $382,500 (around £300,000, AU$560,000) for their exploits.

These ethical hacking competitions, while embarrassing for the makers of the software attacked successfully, are also very useful, as they allow the developers to identify and fix those security flaws that the hackers have exploited.

As ZDnet reports, none of the major manufacturers were in attendance at the event, but if future Tianfu Cups see a similar high level of successful hacks, it’s likely that we’ll see big names attending the event.