An Indian security researcher has publicly revealed a proof-of-idea (PoC) exploit code for a freshly found flaw impacting Google Chrome and other Chromium-dependent browsers like Microsoft Edge, Opera, and Courageous.
Keith and Baumstark were awarded $100,000 for leveraging the vulnerability to operate destructive code inside Chrome and Edge.
It appears that Agarwal was in a position to put with each other the PoC by reverse-engineering the patch that Google’s Chromium crew pushed to the open up-supply element after the specifics of the flaw had been shared with the business.
“Getting popped with our own bugs was not on my bingo card for 2021,” Baumstark tweeted. “Not certain it was way too wise of Google to increase that regression examination proper absent.”
While Google has addressed the issue in the most up-to-date edition of V8, it is however to make its way to the secure channel, therefore leaving the browsers vulnerable to attacks. Google is predicted to ship Chrome 90 later on right now, but it can be not distinct if the release will include things like a patch for the V8 flaw.
We have arrived at out to Google, and we will update the tale if we listen to back.
Uncovered this article fascinating? Follow THN on Facebook, Twitter and LinkedIn to browse additional exceptional written content we post.
Some elements of this post are sourced from: