Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

[The_King]

Content source

https://www.bleepingcomputer.com/news/security/google-chrome-microsoft-edge-zero-day-vulnerability-shared-on-twitter/

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

A zero-day vulnerability is a security bug that has been publicly disclosed but has not been patched in the released version of the affected software.
Today, security researcher Rajvardhan Agarwal released a working proof-of-concept (PoC) exploit for a remote code execution vulnerability for the V8 JavaScript engine in Chromium-based browsers.

Just here to drop a chrome 0day. Yes you read that right.r4j0x00/exploits pic.twitter.com/PpVJrVitLR
— Rajvardhan Agarwal (@r4j0x00) April 12, 2021​

While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.

Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

www.bleepingcomputer.com

 

[enaph]

This also affects Opera and Brave Browser:

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

Exploit Released For Unpatched RCE Bug Affecting Chrome, Opera, and Brave Browsers

thehackernews.com

 

[[correlate]]

NEW: A security researcher has dropped a Chrome and Edge zero-day on Twitter -PoC available -0-day impacts the V8 JavaScript engine -Issue patched in V8 -Not patched in Chromium-based browsers due to the 2-week patch gap

Security researcher drops Chrome and Edge exploit on Twitter

An Indian security researcher has published details today about a zero-day vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave.

therecord.media

 

[Gandalf_The_Grey]

Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

www.bleepingcomputer.com

Google is expected to release Chrome 90 to the Stable channel tomorrow, and we will have to see if the upcoming version includes a fix for this zero-day RCE vulnerability.

 

[danb]

This is pretty cool, but in all fairness to Chrome, you have to disable its sandbox to get it to work. If he could escape the sandbox, then it would be super cool.

Having said that, this is a great and super easy test for deny-by-default and other products with anti-exploit mechanisms. The results might surprise you.

 

[ErzCrz]

Been using Firefox again lately so I'll just wait on update before using any chromium browsers