Browser RCE Exploit
Researcher discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave.
Rajvardhan Agarwal, Indian security researcher published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting multiple browsers.
Certainly to exploit the security flaw and launch the Windows calculator (calc.exe) app.
But it’s worth noting that the exploit needs to be chained with another flaw that can allow it to escape Chrome’s sandbox protections.
After details of the flaw were shared with the company, Agarwal was able to put together the PoC by reverse-engineering the patch that Google’s Chromium team pushed to the open-source component.
In a tweet, “Getting popped with our own bugs wasn’t on my bingo card for 2021”.
Further added, “Not sure it was too smart of Google to add that regression test right away.”
In short, yet to make its way to the stable channel and patch for the V8 flaw., thereby leaving the browsers vulnerable to attacks.