This security flaw affects both Google Chrome and Microsoft Edge
New zero-day vulnerability affects all Chromium-based browsers.
A security researcher has published a proof-of-concept (PoC) exploit on Twitter for a recently discovered zero-day vulnerability in Google Chrome, Microsoft Edge and other Chromium-based browsers.
While this zero-day vulnerability has already been publicly disclosed, it has not yet been patched in the latest version of Chrome or Edge.
Security researcher Rajvardhan
Agarwal created the PoC exploit for a remote code execution vulnerability for the V8 JavaScript engine found in
Chromium-based browsers and published it in a tweet. Although the vulnerability has been fixed in the latest version of the V8 JavaScript engine, it’s still unclear as to when Google will add it to Chrome.
The PoC HTML file created by Agarwal and its corresponding JavaScript file can be used to launch the calculator app on Windows 10 when loaded in a Chromiumbased browser. However, the exploit is limited to running in the browser’s sandbox which prevents remote code execution vulnerabilities from launching programs on a host computer.