360Vulcan team, along with 360 Mobile Safe Team, succeeded to hack Google Chrome within 11 minutes to achieve system privileges at the two-day browser-hacking competition, Pwn2Own 2016.
Pwn2Own is a world-known security contest which is held annually at the CanSecWest conference in Canada. Security researchers worldwide gather to exploit vulnerabilities that have not yet been revealed in software and mobile devices.
360Vulcan Team, the research team from Qihoo360, was the big winner after the first day of the competition, receiving $132,500 with a demonstration of two exploits for Adobe Flash and Google Chrome respectively. 360Vulcan Team first hacked Adobe Flash Player. By taking advantage of a type of confusion bug in Flash and a vulnerability in Microsoft’s Windows 10, this team obtained the highest system privilege. This exploit also credited them a $80,000 reward and a total score of 13 points.
The second exploit of 360Vulcan Team targeted Google Chrome. Featuring its highest level of security defense from Google, Chrome is considered the most secured browser and the ultimate challenge in Pwn2Own contest. However, making use of four new zero-day vulnerabilities, 360Vulcan Team compromised Chrome and was awarded $52,500.
According to Zheng Wenbing, head of 360Vulcan Team, ‘ The motto of our team is Live Long and PWN, indicating our pursuit to challenge limits and impossibilities. We devoted ourselves to the battle between men and machines, hoping to make the Internet more secure.’