Google Chrome, Microsoft Edge, and Apple's Safari have been successfully hacked by hackers participating in network security contest Tianfu Cup. The two-day event, which is China's version of Pwn2Own, brought a list of security researchers from the country to test the vulnerabilities hidden within various popular apps, including Chrome, Edge, and Safari as well as Office 365 and Adobe PDF Reader. The event concluded on Sunday with team 360Vulcan emerged as the leader. The security researchers behind the team 360Vulcan managed to exploit Microsoft Edge among other distinct targets.
The team 360 Vulcan won a total bounty of $382,500 (roughly Rs. 2,74,80,000) for hacking Adobe PDF Reader, Microsoft Edge, Office 365, VMWare Workstation, and qemu+Ubuntu.
There were a total of three successful exploits targeting Edge browser that emerged at the Tianfu Cup event. The security loopholes were notably found on the EdgetHTML-based Edge browser -- not the Chromium-powered version. Moreover, the hackers participating in the event were able to earn a total of $120,000 (roughly Rs. 86,21,600) from the Edge exploits.
Similar to the vulnerabilities discovered in Edge, a couple of security researcher teams participating in Tianfu Cup were able to hack Chrome. The researchers earned a total of $40,000 (roughly Rs. 28,73,800).
In the case of Safari, a team named SlackLeader was able to find an exploit in the Apple browser and earned $30,000 (roughly Rs. 21,55,200).
Generally, software vendors attend security events to get the first-hand reports about the vulnerabilities exist in their offerings. Companies, however, majorly skipped Tianfu Cup this year.
ZDNet reports that some members from the Chrome security team did attend the event. Nevertheless, Google hasn't yet defined the Chrome exploits emerged there. Apple and Microsoft have also so far managed to maintain silence on the hacks took place at the event.
Aside from the browser-powered exploits, security researchers at Tianfu Cup showcased one hack of Office 365 and one of qemu-kvm + Ubuntu. There were also a couple of exploits reported in Adobe PDF Reader.
For highlighting the hacks of VMWare and qemu+Ubuntu, the team 360Vulcan was able to earn $200,000 and $80,000, respectively. They were also much awaited to exploit iOS at the event. However, the researchers didn't succeed.