Pwn2Own 2023: Chrome Exploits and Use-After-Free Concerns

It's that time again folks, the hosting of the Pwn2Own hacking contest. This year has, for the first time, seen Google's Chrome browser fall almost immediately to two zero-day exploits, which had avoided discovery for the past three years. The exploits make use of a use-after-free bug to bypass typical protection such as Data Execution Prevision (DEP) and Address Space Layout Randomization (ASLR), combined with a second exploit that allows execution of code, outside the safety of the Chrome sandbox.

Though exact details of the hack were not revealed, it's strongly suspected to be via a bundled Adobe Flash plugin, surprise surprise, which to function correctly requires a less stringent sandbox to run in.

The link for this article located at Hexus is no longer available.