Security News > 2021 > April > RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
An Indian security researcher has publicly published a proof-of-concept exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.
Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers.
According to the screenshot shared by Agarwal, the PoC HTML file, and its associated JavaScript file, can be loaded in a Chromium-based browser to exploit the security flaw and launch the Windows calculator app.
It's worth noting that the exploit needs to be chained with another flaw that can allow it to escape Chrome's sandbox protections.
While Google has addressed the issue in the latest version of V8, it's yet to make its way to the stable channel, thereby leaving the browsers vulnerable to attacks.
Google is expected to ship Chrome 90 later today, but it's not clear if the release will include a patch for the V8 flaw.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/xnTh85fU5Rk/rce-exploit-released-for-unpatched.html
Related news
- Arc browser launches bug bounty program after fixing RCE bug (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information (source)