Pwn2Own 2016: Chinese Researcher Hacks Google Chrome within 11 minutes

Mar 17, 2016, 09:12 ET from Qihoo 360

VANCOUVER, British Columbia, March 17, 2016 /PRNewswire/ -- 360Vulcan Team from Qihoo 360 hacked Google Chrome, the browser with the least vulnerabilities, and obtained the highest system privilege. It's the first time a Chinese security team has hacked Google Chrome at the Pwn2Own contest.

360Vulcan Team also hacked Adobe Flash Player based on Edge browser, obtaining the highest system privilege, which won the team a USD 80,000 cash prize and a total score of 13 points.

Hackers win in the battle of man vs. machine

Google Chrome is a browser built for security and simplicity, which represents the highest level of security defense in Google. Besides world-renowned Google Project Zero, Google also uses thousands of servers for vulnerability tests with deep mining technology and computing capacity that can compete with AlphGo, the program that defeated Lee Sedol, a top-ranked Go player, in the battle of man vs. machine. Thus Google Chrome is regarded as the browser with the least vulnerabilities.

Meanwhile, Chrome is equipped with the only sandbox which can detect and block attacks over Windows kernel. Once the sandbox is locked, the attacker will no long have the access to outside resources. Chrome has therefore been regarded as the ultimate challenge at the Pwn2Own competition in recent years.

The latest version of Google Chrome has been fundamentally improved in terms of security level. It's almost viewed as mission impossible for security researchers to exploit vulnerability for system privilege.

360Vulcan Team, in together with 360 Mobile Safe Team, hacked Chrome exploiting four vulnerabilities, which can make Chrome more secure as well as improve the overall defense level of the browser.

Chinese Security Team in Global Arena

Qihoo 360 is not new to Pwn2Own. At the contest in 2015, 360Vulcan Team successfully hacked tightly protected IE 11 running on the Windows 8.1 operating system in 17 seconds, and became the first Asian team to successfully claim IE browser in the contest's nine-year history. For two years, 360Vulcan Team has chosen to compete in the most challenging categories, which can show the remarkable expertise of Chinese security researchers.

360Vulcan Team is a security research team from the 360 Internet Security Innovation Center, focuses on security vulnerabilities mining and helping vendors to patch vulnerabilities.  "XP Shield" and "IE Shield", the vulnerability defense product from 360 Safeguard, were supported by 360Vulcan Team on the core technology.

In 2015, security teams in Qihoo 360 received over 100 official acknowledgements from Google, Microsoft, Apple and Adobe for the vulnerabilities submitted, second only to Google Project Zero, which won the fame of "Most Capable Security Team in the East". Those vulnerabilities, once sold to the black market, can earn millions of dollars. However, the team prefers to submit vulnerabilities to related vendors.

According to Zheng Wenbing, head of 360Vulcan Team, "Live Long and PWN, a motto of our team, stands for our consistent pursuit to challenge limits and impossibilities. In the battle of man vs. machine, we hope to make the Internet more secure."

Photo - http://photos.prnewswire.com/prnh/20160317/345316

SOURCE Qihoo 360