Besides being the most popular browser in the world, Google Chrome is also the hardest to hack, as the results of the 10th annual Pwn2Own event have shown. This is a yearly computer hacking contest held at the CanSecWest security conference where contestants try their best exploiting popular hardware and software without any know vulnerabilities. Successful hackers win a prize in cash, an emblazoned jacket and also the hacked device.
The teams that take part in the contest are the ones deciding which software or hardware to attack, so this is not the organizers’ decision. The contestant teams usually go for the most hackable software, obviously, so they can have a better chance of breaking in and winning the prize.
Pwn2Own’s sponsors include most of Sillicon Valley’s tech companies that buy the successful exploits and partner with vendors to get them patched.
This year’s edition featured some web browsers. Microsoft Edge was attacked five times and the bounties were around $300,000. It’s still a very young product, so we can’t blame it that much. Microsoft Edge was designed for Windows 10 so it only had 18 month to kill the bugs.
Safari was successfully exploited three times, and Firefox, twice. Google Chrome, on the other hand, was a winner as the only attack couldn’t be completed fast enough.
The bad news is that Google brought back the nastiest feature of Chrome, but the frustrating feature can luckily be avoided. Last year, it made the decision of dropping backspace key as a shortcut for the return function, after many years of complaints coming from users who managed to lose their data, as they were filling out forms. Why did this happen? Well, they hit the backspace key without having previously selected a text field. The result wasn’t as planned – deleting the text in the form – but a throwback to the previous webpage, clearing all data that was entered into the form.
Starting with Google Chrome version 52, this nasty keyboard shortcut was finally disabled.