Microsoft has been promoting its Edge browser as a better, more secure, and modern alternative to Internet Explorer – its infamous web browser.
The promotions have gone as far as paying users to use the browser and being extremely and publicly critical of Google’s Chrome. However, Microsoft has always maintained one thing – it is the most secure web browser you could use on a Windows device.
Microsoft isn’t wrong – the company works around the clock to make sure users are secure, and even figure out unique ways to keep users safe in critical environments, but Edge is a piece of software – and software always has bugs.
Google highlighted some of these security issues very recently, which made Microsoft a tiny bit furious. Now Edge has been cracked again – twice.
PwnFest is an event where – usually – security researchers, experts, and companies gather to break into software; in return, they win money for their efforts and research. The big businesses themselves sponsor the event – and they are the ones challenging these security experts to break into their software.
It’s a great way to keep yourself on edge – your software is, of course, going to have security bugs, why not have them exposed in a controlled environment and reward the people who figure them out? Prevention is better than cure – and that’s what events such as PwnFest are for.
Just to be clear: the Edge session was running on the latest production release of Windows 10: Redstone 1, also known as the Anniversary Update.
Qihoo 360 – a Chinese security firm – was the first to break into Edge; the team at Qihoo 360 had to rework their exploit after Microsoft’s patch this Tuesday.
After Qihoo 360, South Korean security researcher JungHoon Lee – also known as, lokihardt – hacked Edge in mere 18 seconds. That’s quite impressive.
Microsoft is rewarding both of them with $120,000 for breaking into Edge, and a further bonus of $20,000 for gaining access to system-level code execution.
$140,000 for breaking into Microsoft’s software isn’t a bad deal. Microsoft plans on detailing the exploits at some point in the future – but first, they will be rolling out fixes so they cannot be exploited.