It"s been tough times for Microsoft Edge lately; it currently sports a user base of just over 5%, Google"s Project Zero keeps revealing the browser"s vulnerabilities, and new extensions are coming at a snail"s pace.
Now, at the Pwn2Own 2017 hacking event, Edge was the least secure browser after being hacked the most number of times, another worrying concern for Microsoft.
Tom"s Hardware reports that at the 10th Pwn2Own event, Microsoft"s Edge browser was hacked at least five times in three days. The Chakra JavaScript engine was exploited to execute most of these hacks, but one security team by the name of "360 Security" managed to perform a "virtual machine escape". This was done by utilizing a heap overflow bug in the browser, a buffer in VMWare Workstation that was not initialized, and a type confusion in the Windows kernel. Through this impressive exploit, the team bagged $105,000.
On the other hand, Safari was fully hacked three times and partially hacked once, which means that it fared only slightly better than Edge. Two hacking attempts were made against Mozilla"s Firefox but only one of them was successful.
Chrome fared the best overall with only one hacking attempt against it - which failed to complete in the allotted time. That said, it is important to note that it"s not yet known if the exploit would have worked had the team behind it had been offered more time.
All in all, the results of the hacking contest does hold concern for Microsoft. The company regularly boasts about the security improvements in its Edge browser, but the Pwn2Own event proves that there"s still work to be done.
Source: Tom"s Hardware
Editor"s Note: An earlier version of this article incorrectly stated that Edge had been "declared" the least secure browser in the hacking event. This has now been rectified as this was not explicitly stated at the event, we apologize for the oversight.