The only browser that survived Pwn2Own this year was Google Chrome. This led to numerous news reports like this one suggesting that Google’s browser was somehow more secure than the others. This is far from the truth. In fact, the vulnerability that caused the iPhone’s downfall was in the WebKit engine and also affected the Google Chrome browser. Chrome’s sandbox was also held up as a major CanSecWest roadblock but there’s already scuttlebutt circulating that at least two security researchers have found a way to break out of the Chrome sandbox. Keep in mind that the iPhone has a sandbox that didn’t help much when hackers hijacked the SMS database at Pwn2Own.
Survival at the Pwn2Own contest simply means that researchers weren’t motivated enough to give up their vulnerabilities/exploits in exchange for a smartphone and cash prizes. The iPhone survived in 2008, didn’t it?
