Today is the last day of the hacking contest, otherwise known as the Pwn2own contest, at the CanSecWest conference in Vancouver, BC, Canada. In just two days or less, vulnerabilities were exposed in two popular browsers: Internet Explorer and Google Chrome.
Chrome and IE9 Hacked
Sergey Glazunov and the French company, VUPEN, separately exploited vulnerabilities in Google Chrome. Those exposed by Glazunov have been addressed by Google and are no longer present in Chrome's latest update released on Thursday. The vulnerability exposed by VUPEN is of a different nature. It is believed that this vulnerability lies not with Chrome itself, but with the Adobe Flash Player Plugin that comes with Chrome. If that is the case, that vulnerability would have to be addressed by Adobe, not Chrome.
VUPEN also exposed two vulnerabilities in Internet Explorer 9. This vulnerability is more serious because the team was able to bypass even the Protected Mode feature in IE9. What's more is they were able to expose the vulnerabilities in IE10 on Windows 8.
What Are Your Options?
The third option for most Internet surfers is Apple's Safari. Does Safari offer better protection against hackers than Chrome or IE9? Not really. Consider the recent exposé by Ashkan Soltani and Jonathan Mayer. They found that Google was bypassing and altering Safari's privacy settings to allow bits of information left on the computer that a user would not necessarily want. Not exacly a viable option.
As of the writing of this article, no mention has been made about vulnerabilities in Mozilla Firefox. As long as the user has the most updated version of Firefox, at this point this seems to be the best option for surfing the web.
What Can You Do To Protect Yourself?
What does this mean for you? First and foremost, you should always have the latest updates for your operating system and browser(s). Windows users should run Windows updates at least once a week. Microsoft always releases their updates on Tuesday, so checking for new updates on Wednesday might be a good idea. Any updates to IE9 are included in Windows updates. Mac users should run software updates form the apple icon in the upper left corner of the screen at least once a week. Any updates to Safari will be included in those updates. Chrome users simply need to restart the browser for any updates to take effect. Windows users using Safari should run Apple Software Update for the latest updates to Safari. Firefox users simply need to restart the browser for any updates to take effect.
Even with the latest updates, browser vulnerabilities still exist as demonstrated in the Pwn2own contest. However, those vulnerabilities are not likely to be exposed on your computer. For the casual user with a level of protection, (e.g. antivirus software), there shouldn't be anything to worry about.
What are your thoughts about the Pwn2own contest? Which operating system do you use? Which browser do you use? Take the "Which Browser Do You Use" poll and let us know what you think in the comments.