H his first day Pwn2Own 2014 started quite impressively, after vulnerabilities were presented for three popular browsers, the Internet Explorer Firefox and the Safari of Apple. The second day seems to be impressive as well, as hackers presented vulnerabilities in Chrome and classic again in Adobe Flash.
Chrome has been hacked by VUPEN, the team that last day earned a total of 300.000 dollars. The team has managed to break the security of Google's web browser with one use-after-free affecting WebKit and Blink. Combined with a bypass sandbox they discovered, managed to execute arbitrary code.
Zeguang Zhou of team509 and Liang Chen of Keen team managed to crack Adobe Flash with a vulnerability heap overflow and a detour of the sandbox.
The total prize money awarded so far in Pwn2Own 2014, excluding the amount allocated for charity, comes to $850.000. All of course vulnerable points have been revealed to the development companies.
