
Firefox, Edge, and Safari Browsers Fall at Famous Pwn2Own Hacking Contest - Froyoh
https://www.bleepingcomputer.com/news/security/firefox-edge-and-safari-browsers-fall-at-famous-pwn2own-hacking-contest/
======
ocdtrekkie
I think Pwn2Own misses the mark on focusing on the security problems people
actually have, and they make it sound like browsers are more or less secure
than they are, when you consider threats users will actually face.

- Chrome is the most infected web browser, because the Chrome Web Store
allows any extension to get the permission to read all the web content you
view, inject their own content, and report back to a master server. Little to
no scrutiny of such permission grants is done on Google's part, and it's not
considered a vulnerability. The user having malicious extensions is the user's
problem, not a Chrome security problem, it seems.

- Pretty much all web browsers allow Java alert() prompts to capture all UI
interaction with the web browser, allowing malicious websites to trick users
into believing their computer has malware and they need to call a scam support
line, or to force users to install malicious Chrome extensions. The checkbox
to prevent a site from creating these popups is only mildly effective due to
other tricks these sites employ. It's still, for some reason, not seen as a
problem that websites can capture the browser's UI in this way.

Pwn2Own seems like code golf. It isn't particularly helpful in the grand
scheme of things, and nobody's fixing the problems that actually cost average
users billions of dollars in money handed either to phone scammers or to Geek
Squad support folks who just have to reboot their PC for them.

