Security News > 2022 > May > Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers.
The flaw, which was identified in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company Numen Cyber Labs and has since been quietly fixed by the company.
"The vulnerability allows an attacker to control the function pointers or write code into arbitrary locations in memory, and ultimately lead to code execution."
Google does not assign CVE IDs for vulnerabilities found in non-stable Chrome channels.
Chrome users, especially developers who use the Dev edition of Chrome for testing to ensure that their applications are compatible with the latest Chrome features and API changes, should update to the latest available version of the software.
This is not the first time use-after-free vulnerabilities have been discovered in V8. Google in 2021 addressed seven such bugs in Chrome that have been exploited in real-world attacks.
News URL
https://thehackernews.com/2022/05/experts-detail-new-rce-vulnerability.html
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)