Before the Pwn2Own contest itself began, two of the game's sponsors, Google and ZDI, showed up their own browser cracks in an event called Pwn4Fun. First, Google cracked Apple Safari 7 on a fully patched version of Mac OS X Maverick like an egg. At the end of the exploit, Google was running Calculator as root.
ZDI, for its part, showed "a multi-stage exploit, including an adaptable sandbox bypass, against Microsoft Internet Explorer, launching Scientific Calculator (running in medium integrity)" in IE 11 running on an up-to-date patched Windows 8.1 x64 PC. While it wasn't as complete a crack as Google's on Safari, it was still a crushing blow.
When the real Pwn2Own competition began, and all the browsers and associated Web browser programs, including Adobe Flash and Reader, began to fall.
First, Firefox 27 went down to three different attacks on Windows 8.1 x64 PC. Then Team VUPEN, an elite French group of security experts, took out the latest versions of Adobe Flash and Reader, and followed this up by exploiting both other security holes in IE 11 and Firefox 27.
And that was just the first day of the competition. The next day, all the browsers, including Google Chrome, got blasted again.
Chrome wasn't out of the woods yet. VUPEN cracked it with an attack that popped it open with a sandbox bypass, resulting in code execution, that worked against both the Blink and WebKit Web-rendering engines.
The other browsers were also in for more pain. IE 11, Firefox 27, and Safari 7 all got hammered before the competition came to an end. Only one hacker prize was left unclaimed--the "Unicorn" of a system-level code execution on a Windows 8.1 x64, in IE 11 x64, with an Enhanced Mitigation Experience Toolkit (EMET) bypass.