At the 2013 Pwn2own browser security challenge, operated by HP TippingPoint’s Zero Day Initiative (ZDI), during which Chrome, Firefox and IE were all hacked and demonstrably shown to be at risk from previously unknown vulnerabilities.
“We wanted to demonstrate as many bugs as we could,” said Brian Gorenc, manager of vulnerability research, Zero Day Initiative, HP DVLabs. “The stuff we enjoy at ZDI is how elegant the bugs are.”
Among the winners was security researcher “Nils,” who returned to Pwn2own after a three-year absence from the event. At the 2009 Pwn2own event, the previously unknown Nils shocked the world by exploiting Safari, IE 8 and Firefox 3.x, marking the first time that a single researcher had ever accomplished a browser hacking trifecta.
HP had originally put Apple Safari running on OS X Mountain Lion as a target for Pwn2own 2013. HP put a bounty of $75,000 for any researcher to claim against it, but no one did.
“No one pre-registered for Safari this year,” Gornec said. “Why that happened we don’t know; maybe they were focused on Chrome.”