Microsoft Edge has been praised by some outlets for its security prowess. The company has also lauded several aspects of its browser, including its ability to keep users data safe. However, at PwnFest, Microsoft Edge was hacked twice by two separate teams.
PwnFest is hosted at the Power of Community security conference in Seoul. During the 2016 event, the contest was held on Thursday. The PwnFest is designed to focus on improved security by exposing flaws in major OS operations and services.
Edge was breached twice running on Windows 10 x64 with the Redstone 1 (Anniversary Update) upgrade.
A team from China-based Qihoo 360 got behind Microsoft Edge and was followed by lone South Korean hacker Lokihardt. Qihoo needed 30 hours to breach the browser. Microsoft had fended off three of the four vulnerabilities planned with its Patch Tuesday before the event.
However, Lokihardt showed his prowess by exploiting Microsoft Edge in just 18 seconds. For his efforts, he and Qihoo received $140,000 for SYSTEM-level executions. As this is a bug bash, Microsoft will be given details of the vulnerabilities. The company will now be able to patch for these breaches in the future
Security on Microsoft Edge
Despite these hacks, Microsoft's Windows 10 web browser is considered to be very secure next to rivals. At the start of this month, NSS Labs showed that Edge was successful at stopping a high rate of malware and phishing attacks. Rivals browsers like Google Chrome and Mozilla's Firefox fared less well in the tests.
Edge has a 91.4% success rate at stopping phishing attacks. It was even better at blocking malware, with a 99% success rate. Chrome was next with 82.4% for phishing and 85.8% for malware. Firefox struggled with 81.4% of phishing attacks stopped and 78.3% of malware attacks stopped.
Microsoft readily admits that its new browser is a work in process. Events like PwnFest show all companies need to keep working to shore up their services from zero-day vulnerabilities.