IE8, Safari Fall to Pwn2Own Hackers, Chrome Still Standing

DJMAC

Hackers at the Pwn2Own 2011 contest, held at the CanSecWest conference in Vancouver, broke through defenses in Apple's Safari 5.0.3 on fully patched Mac OS X 10.6.6 and Internet Explorer 8 on Windows 7 SP1.
Pwn2Own has become one of the top security events of the year, even if it's a rather routine affair. Lots of products get hacked, some survive. It's not clear if the contest says anything meaningful about the security of the products, but there is a wide consensus that competitions like this improve security overall by pushing developers to do their best, if only out of pride.
This year both Apple and Google released last-minute updates to their browsers fixing large numbers of vulnerabilities. Microsoft didn't issue any IE patches this past Patch Tuesday, but clearly Pwn2Own has become a deadline date for security fixers at some companies. Google in fact pushed its release-level browser up a version to 10. At this rate there will be a version 25 before too long.
Chrome in fact escaped Pwn2Own unscathed, as the one hacker scheduled to attack it didn't show. Perhaps he was stymied by Google's last-minute updates.
The hackers work hard for these contests and not just for the prize money. Ars Technica cited Chaouki Bekrar, co-founder of security firm VUPEN, who performed the Safari hack, describing how they had to create new tools and attack code from scratch.
The IE8 hack by security researcher Stephen Fewer of Harmony Security took 5 to 6 weeks to put together: "The successful exploit required use of three separate vulnerabilities: two to achieve successful code execution within the browser, and then a third to escape Internet Explorer's Protected Mode sandbox."
Firefox runs the gauntlet today. After that go the smartphones: iPhone, BlackBerry OS, Android, and Windows Phone 7. Video below, though NSFW.