@mj0011sec
This team took away ZDI’s Pwn2Own master prize by chaining three 0day exploits, taking them from browser sandbox to virtual machine escape on a fully patched VMWare Workstation. This was a first for ZDI. The initial vulnerability exploited a heap overflow in Microsoft Edge, followed by a kernel type confusion bug, ending in an uninitialized buffer vulnerability in SVGA, resulting in the highest payout from ZDI ($105k).