Security News > 2021 > April > Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched
A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project.
The second exploit was publicly disclosed by a researcher who uses the online moniker Frust and who works for Chinese cybersecurity company Qihoo 360.
Frust announced the availability of an exploit for a "Zero-day" Chrome vulnerability on Twitter on Wednesday, and a few hours later published a blog post with a technical description of the vulnerability, which actually exists in the Chromium code.
This is the second Chromium vulnerability for which an exploit has been released this week.
A few days after the competition ended, 18-year-old researcher Rajvardhan Agarwal made public a PoC exploit for CVE-2021-21220.
Agarwal analyzed the changes made by Chromium developers to v8 in response to the vulnerability disclosed by Keith and Baumstark, which enabled him to develop an exploit for it.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |