Chromium-based browser zero-day: V8 remote code execution PoC published, but it needs a separate sandbox escape

A security researcher has shared a proof-of-concept (PoC) exploit on Twitter for a vulnerability affecting Chrome, Edge and other Chromium-based browsers. Although this zero-day has now been publicly disclosed, it has not yet been fixed in the latest stable versions of Chrome and Edge.

Security researcher Rajvardhan Agarwal discovered a remote code execution vulnerability in V8, the JavaScript engine used by Chromium-based browsers, and announced it on his personal Twitter account. Although the bug has been fixed in the latest version of V8 itself, it is still unclear when Google will ship that fix in a Chrome release.

In the proof-of-concept Agarwal published, a separate vulnerability would still be needed to escape the Chromium sandbox; on its own, the PoC achieves code execution only inside the sandboxed renderer process. To test it, BleepingComputer therefore launched both Chrome and Edge with the --no-sandbox command-line flag, and in that configuration the PoC was able to launch the Windows 10 Calculator app, the customary demonstration of arbitrary code execution.
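The test above only succeeded because the browser was started with --no-sandbox, so a practical follow-up check is to confirm that nothing in your own environment launches a Chromium-based browser that way. The following is an added example, not code from the original article or from any of the parties it mentions: a small Python scanner that runs over constructed process-creation records (the record format, one `image|command line` pair per line, is an assumption) and flags Chrome, Edge or Chromium processes started with the --no-sandbox switch.

```python
"""Flag Chromium-family browsers launched without the sandbox.

Added example, not part of the original article. The input format
(one "image|command line" record per line, loosely Sysmon-like) is an
assumption made for illustration; adapt the split to your own telemetry.
"""
import re
from typing import List, Tuple

# Executable names of Chromium-family browsers on Windows and Linux,
# compared case-insensitively against the basename of the image path.
CHROMIUM_BINARIES = {
    "chrome.exe", "msedge.exe", "chromium.exe",
    "chrome", "google-chrome", "chromium", "chromium-browser", "msedge",
}

# Chromium accepts the switch with one or two leading dashes. Match it
# only as a whole token so that an unrelated longer token is not flagged.
NO_SANDBOX = re.compile(r"(?:^|\s)--?no-sandbox(?=\s|$)")


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def is_unsandboxed_browser(image: str, cmdline: str) -> bool:
    """True if the process is a Chromium-family browser started with --no-sandbox."""
    return basename(image) in CHROMIUM_BINARIES and NO_SANDBOX.search(cmdline) is not None


def scan(records: List[str]) -> List[Tuple[str, str]]:
    """Return (image, command line) pairs that ran a browser without its sandbox."""
    hits: List[Tuple[str, str]] = []
    for rec in records:
        if "|" not in rec:
            continue  # malformed record, nothing to evaluate
        image, cmdline = rec.split("|", 1)
        image, cmdline = image.strip(), cmdline.strip()
        if is_unsandboxed_browser(image, cmdline):
            hits.append((image, cmdline))
    return hits


# Constructed sample records for the demo; these are not real telemetry.
SAMPLE_RECORDS = [
    r'C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox',
    r'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox',
    r'C:\Windows\System32\calc.exe|calc.exe --no-sandbox',
    r'/usr/bin/chromium|/usr/bin/chromium --headless --no-sandbox',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox-lookalike',
]

if __name__ == "__main__":
    for image, cmdline in scan(SAMPLE_RECORDS):
        print(f"UNSANDBOXED BROWSER: {image}\n    {cmdline}")
```

Two caveats when running something like this in production. Chrome itself shows an infobar ("You are using an unsupported command-line flag: --no-sandbox. Stability and security will suffer.") whenever the switch is present, so interactive users will usually notice it, but scripted or headless launches will not. Headless browsers in containers and CI runners are also frequently started with --no-sandbox because the Linux sandbox needs user namespaces or a setuid helper, so expect to allow-list those hosts rather than treat every hit as an incident.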


Posting a zero-day exploit on Twitter is controversial in itself, and some users on social networks also questioned Agarwal's conduct because the vulnerability had originally been discovered by Bruno Keith and Niklas Baumstark of Dataflow Security, who were not credited at the time of the disclosure. Agarwal responded that when he found the vulnerability he did not know it had already been discovered by someone else.

Update: This bug has since been fixed in the latest Chrome release. Agarwal has also said that another V8 vulnerability exists that has not yet been fixed, but that he has decided not to disclose it.

