PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers
A researcher has made public a proof-of-concept exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.
On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that are based on Google's open source Chromium project.
In the meantime, 18-year-old researcher Rajvardhan Agarwal, who describes himself as an exploit developer, noticed a change that Google made to the V8 JavaScript engine used by Chrome in response to the vulnerability disclosed by Keith and Baumstark. That change enabled him to develop an exploit for the flaw.
In its current form, the exploit released by Agarwal only works if the sandbox is disabled in the browser; a separate sandbox escape vulnerability is required for exploitation against default configurations.
The researcher said he had tested his exploit on Chrome and Edge, but he believes it works against other Chromium-based browsers as well, including Opera and Brave.
Agarwal told SecurityWeek that he released the exploit to prove a point.