Teams from Beijing security firm, Qihoo and South Korean Hacker Lokihardt both managed to compromise the Microsoft Edge browser on Windows, and bagged bounties of $120,000 each. Each team or contenstant is given three attempts to compromise the target, with each attempt having a time limit of four minutes. Lokihardt managed to gain system level access in as little as 18 seconds.
The hacks were showcased at PwnFest, an event related to the ongoing Power of the Community information security conference in Seoul, Korea, according to a report in The Register. It was the first time that a VMware Workstation was successfully attacked with only remote code execution, and no interaction by the end user.
The PwnFest is a yearly event where major tech companies offer rewards to hackers for owning certain products. Targets for the hackers this year included Microsoft Edge, Google Pixel, Microsoft Hyper-V, Google Chrome, iOS, the Safari browser, Adobe Flash and VMWare Workstation. The event also has a Lord of Pwn trophy given to the team with the most successful attacks, and if there is a tie, the award is decided based on technical merit of the hacks.
The prize money ranges from $80,000 for the Safari hack, to $150,000 for the VMWare and the Hyper-V attacks. The exploits are not publicly disclosed, and the companies usually take measures to plug these security holes.