Security News > 2021 > April > Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.
While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.
To test the exploit, BleepingComputer launched the Microsoft Edge and Google Chrome browsers with the -no-sandbox flag, which turns off the Chromium sandbox.
Our tests' exploitable versions are Google Chrome 89.0.4389.114 and Microsoft Edge 89.0.774.76, which are the latest versions in the Stable channel.
This vulnerability is believed to be the same one used by Dataflow Security's Bruno Keith and Niklas Baumstark at Pwn2Own 2021, where the researchers exploited Google Chrome and Microsoft Edge.
Google is expected to release Chrome 90 to the Stable channel tomorrow, and we will have to see if the upcoming version includes a fix for this zero-day RCE vulnerability.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)