Security News > 2021 > April > Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”
2021-04-09 18:33

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes.

Pwn2Own is a bug bounty program with a twist.

If two teams show up with the same exploit, and both of those exploits succeed within the allotted time, then the winner isn't the one who can prove they found it first during their research phase, but the one who just happened to get the earlier demonstration slot in the draw.

Traditionally, the North American Pwn2Own event has taken place alongside the annual CanSecWest security conference held in Vancouver, Canada, but this year the official host city was Austin, Texas.

The full results for 2021 can be found on the Pwn2Own blog, including those who tried but failed, or those who tried but didn't win any money because some part of their exploit chain was already known.

In some cases, competitors lost out because their exploits had been reported to the vendor before the competition by someone else, but not yet publicly disclosed; in other cases, they lost out simply through the bad luck of drawing a later slot in the competition than other participants who had brought along and exploited the same bugs.


News URL

https://nakedsecurity.sophos.com/2021/04/09/pwn2own-2021-zoom-teams-exchange-chrome-and-edge-fully-owned/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 54 4 51 80 12 147