Security News > 2021 > April > Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.
A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it.
Today, a security researcher known as frust dropped a PoC exploit on Twitter for a zero-day bug Chromium-based browser that causes the Windows Notepad application to open.
This new zero-day vulnerability comes a day after Google released Chrome 89.0.4389.128 to fix a different Chromium zero-day vulnerability publicly released on Monday.
After disabling the sandbox, the exploit could launch Notepad on Google Chrome 89.0.4389.128 and Microsoft Edge 89.0.774.76, which are the latest versions of both browsers.
Google was scheduled to release Chrome 90 for Desktop yesterday, April 13th, but instead released the new version of Chrome to fix the zero-day released on Monday.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)