The browser vulnerabilities were first made public a 20-year-old security researcher who says he first notified Microsoft about the issues 10 months ago.
The second day of Pwn2Own 2019 featured more successful attacks from the "Flouroacetate" team of Amat Cama and Richard Zhu.
Chinese contestants from major companies had been dominating the contest in recent years, but new regulations from Beijing prohibited them from joining this year's fray.
The exploits, and money, are flying in Vancouver.
Denunciations like "most frequently exploited product" have been common for the software.
The flaw could affect all users running vulnerable software — which includes anyone using the bundled browser in Windows 7, Windows 8.1, and Windows 10.