Twitter posted the second exploit this week for a zero-day vulnerability in Chromium, which affects Chrome, Edge, and probably other browsers.
Proof of concept exploit was published by a researcher known as frust:
another chrome 0dayhttps://t.co/QJy24ARKlU
Just here to drop a chrome 0day. Yes you read that right.
— frust (@frust93717815) April 14, 2021
The specialist also published a video demonstrating the exploitation of vulnerability.
The exploit was published the day after Google released Chrome 89.0.4389.128, which fixed another zero-day issue recently discovered in the Pwn2Own hacker contest. An exploit for it was published a few days later by Indian researcher Rajvardhan Agarwal, who discovered the bug itself by examining patches in the V8 source code.As well as the first bug, the vulnerability found by fruit prevents escape from the Chromium sandbox. That is, the attacker will first need to get out of the sandbox by combining the problem with other vulnerabilities. For example, the vulnerability works in Chrome (89.0.4389.128) and Edge (89.0.774.76) if you use the –no-sandbox argument.
It is not yet clear if this issue is fixed in the new Chrome 90 released the day before.
ProApk on Telegram – https://t.me/proapk_in
ProApk on Google News – https://news.google.com/publications/CAAqBwgKMP_S9AowhYDbAg
ProApk on Twitter – https://twitter.com/xdapirates
ProApk on Facebook – https://facebook.com/www.proapk.in