Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

The_King

Level 11
Verified
Aug 2, 2020
543
5,969
A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

A zero-day vulnerability is a security bug that has been publicly disclosed but has not been patched in the released version of the affected software.
Today, security researcher Rajvardhan Agarwal released a working proof-of-concept (PoC) exploit for a remote code execution vulnerability for the V8 JavaScript engine in Chromium-based browsers.
Just here to drop a chrome 0day. Yes you read that right.r4j0x00/exploits pic.twitter.com/PpVJrVitLR
— Rajvardhan Agarwal (@r4j0x00) April 12, 2021
While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.
 

Correlate

Level 16
Verified
May 4, 2019
724
6,871
NEW: A security researcher has dropped a Chrome and Edge zero-day on Twitter -PoC available -0-day impacts the V8 JavaScript engine -Issue patched in V8 -Not patched in Chromium-based browsers due to the 2-week patch gap
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,201
40,856

danb

From VoodooShield
Verified
Developer
May 31, 2017
1,089
6,366
This is pretty cool, but in all fairness to Chrome, you have to disable its sandbox to get it to work. If he could escape the sandbox, then it would be super cool.

Having said that, this is a great and super easy test for deny-by-default and other products with anti-exploit mechanisms. The results might surprise you.
 
Top