Update: After earning $110,000 for his first 3 exploits, JungHoon Lee (lokihardt) took out Apple Safari using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. That netted him another $50,000 USD and brought his daily total to $225,000. This is an amazing accomplishment for anyone, but it’s especially impressive considering he is an individual competitor rather than a team. Well done.
The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets.
JungHoon Lee (lokihardt) demonstrated an exploit that affects both the stable and beta versions of Google Chrome. He leveraged a buffer overflow race condition in Chrome, then used an info leak and race condition in two Windows kernel drivers to get SYSTEM access. With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000. To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration. There are times when “Wow” just isn’t enough.
Read More: Link