So today was the second and the last day of the contest and result after the contest have been announced. As far with results day two was much bigger and great day for researcher, as on second day researcher were rewarded $450,000 which is much more then of day 1.
On second and the final day of Pwn2Own 2014, researcher managed to find seven security risk against five products. For these seven successful entrants they paid $450,000 to researcher. The total amount till second day was $850,000 (which is excluding the charity donation amounts).
As yesterday, Google Chrome escaped from any kind of the risk, but today researcher reported Two flaws against Chrome browser. The following are the vulnerabilities were successfully presented on second day of Pwn2Own competition:
By an anonymous participant:
Against Google Chrome, an arbitrary read/write bug with a sandbox bypass resulting in code execution. Upon review, contest judges declared this a partial win due to one portion of the presentation’s collision with a vulnerability presented earlier at Pwnium.
By Sebastian Apelt and Andreas Schmidt:
Against Microsoft Internet Explorer, two use-after-free bugs and a kernel bug, resulting in system calculator.
By Liang Chen of Keen Team:
Against Apple Safari, a heap overflow along with a sandbox bypass, resulting in code execution.
By George Hotz:
Against Mozilla Firefox, an out-of-bound read/write resulting in code execution.
By Team VUPEN:
Against Google Chrome, a use-after-free affecting both Blink and WebKit along with a sandbox bypass, resulting in code execution.
By Zeguang Zhao of team509 and Liang Chen of Keen Team:
Against Adobe Flash, a heap overflow with a sandbox bypass, resulting in code execution.
All the vulnerabilities were disclosed to their respective vendors in the Chamber of Disclosures, and each will be working to address those issues through their respective processes.
You can also watch some of the demonstration of the exploit at Pwn2Own 2014.