News

The researcher has published an RCE exploit for Chrome, Opera, Brave and other Chromium browsers

Indian researcher Rajvardhan Agarwal posted on Twitter the RCE exploit code for a recently discovered vulnerability affecting Chromium browsers including Chrome, Edge, Opera, Brave and others.

The researcher claims that this exploit was used to compromise Chrome and Edge in the recently concluded Pwn2Own competition by experts from the Dataflow Security team, who received $ 100,000 for demonstrating the bug. According to the rules of the competition, information about this error has not yet been released, but has been passed on to Google engineers so that they can fix the problem as soon as possible.

“Just here to drop a chrome 0day. Yes you read that right https://t.co/sKDKmRYWBP pic.twitter.com/PpVJrVitLR”, — Rajvardhan Agarwal wrote in Twitter.

Agarwal told The Record journalists that he found patches for this vulnerability by studying the source code of the V8 JavaScript engine, and this helped him recreate the exploit with Pwn2Own, which he eventually posted on GitHub.

Agarwal’s code allows a potential attacker to run malicious code on a user’s operating system, but the exploit must first exit the Chrome sandbox. That is, the attackers will need the first part of this chain of exploits, since 0-day in V8 is already the second phase of the attack.

At the same time, Agarwal warns that even in its current form, the exploit is dangerous for the built-in and headless versions of Chromium, in which the sandbox is not usually used.

Although the Chromium developers have already fixed the bug in V8, patches have not yet made it to the newest versions of Chromium browsers, which are still vulnerable to attacks.

Google is expected to release Chrome 90 this week, however it is unknown if this version will include the required patches.

Let me remind you that we wrote that the spring Pwn2Own 2021, the largest hacker competition, has ended: Windows 10, Ubuntu, Safari, Chrome and Zoom were hacked. In total, in three days, Pwn2Own members earned $1,210,000. Detailed results can be found on the Trend Micro Zero Day Initiative (ZDI) blog.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bfopeci.info pop-up ads (Virus Removal Guide)

News-bfopeci.info is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove News-bfugaho.info pop-up ads (Virus Removal Guide)

News-bfugaho.info is a site that tries to force you into clik to its browser notifications…

1 day ago

Remove News-bganise.info pop-up ads (Virus Removal Guide)

News-bganise.info is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xhijupa pop-up ads (Virus Removal Guide)

News-xhijupa.com is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xnicini.cc pop-up ads (Virus Removal Guide)

News-xnicini.cc is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xpafema.cc pop-up ads (Virus Removal Guide)

News-xpafema.cc is a site that tries to trick you into subscribing to its browser notifications…

1 day ago