An Indian security researcher has publicly released proof-of-concept (PoC) exploit code for a newly discovered flaw affecting Google Chrome and other Chromium-based browsers such as Microsoft Edge, Opera, and Brave.
Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers and is believed to be the same flaw demonstrated by Dataflow Security’s Bruno Keith and Niklas Baumstark at the Pwn2Own 2021 hacking contest last week.
Keith and Baumstark were awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge.
According to the screenshot shared by Agarwal, the PoC HTML file and its associated JavaScript file can be loaded in a Chromium-based browser to exploit the security flaw and launch the Windows calculator (calc.exe) application. It is worth noting, however, that the exploit needs to be chained with another flaw that allows it to escape Chrome’s sandbox protections.
It appears that Agarwal was able to put together the PoC by reverse-engineering the patch that Google’s Chromium team pushed to the open-source component after details of the flaw were shared with the company.
“Getting popped with our own bugs was not on my bingo card for 2021,” Baumstark tweeted. “Not sure it was too wise of Google to add that regression test right away.”
While Google has addressed the issue in the latest version of V8, it has yet to make its way to the stable channel, leaving the browsers vulnerable to attacks. Google is expected to ship Chrome 90 later today, but it is not clear whether the release will include a patch for the V8 flaw.
We have reached out to Google, and we will update the story if we hear back.
Some elements of this post are sourced from:
thehackernews.com