Pwn2Own Vancouver 2024 - Day Two Results

Pwn2Own Vancouver 2024 concluded with $1,132,500 awarded for 29 unique 0-day exploits. The top 10 winners included Manfred Paul, who won the Master of Pwn title with $202,500 and 25 points. Notable exploits included a Tesla exploit, a single exploit hitting both Chrome and Edge, and the first-ever Docker escape. Researchers utilized various techniques, including improper input validation, uninitialized variables, and UAFs. Despite some bug collisions, several contestants earned substantial rewards. Marcin Wiązowski exploited Windows 11 for $15,000, while STAR Labs SG earned $30,000 for exploiting VMware Workstation. ColdEye managed a guest-to-host escape in Oracle VirtualBox for $20,000. Mozilla Firefox was sandbox escaped by Manfred Paul for another $100,000. First-time contestant Gabriel Kirkpatrick earned $15,000 for exploiting Windows 11. Palo Alto Networks exploited Chrome and Edge for $42,500. Seunghyun Lee earned $85,000 for exploiting Edge and Chrome. The first Docker desktop escape at Pwn2Own involved two bugs and earned STAR Labs SG $60,000. Valentina Palmiotti exploited Windows 11 for $15,000.