Security Researcher “Chrome 0day” Tweet – Expert Insight


Security researcher Rajvardhan Agarwal tweeted that he dropped a “chrome 0day,” sharing a proof-of-concept (PoC) in a GitHub repository.

Experts Comments

April 14, 2021
Satnam Narang
Senior Research Engineer
Tenable

There are reports of a 1-day vulnerability in the V8 JavaScript engine used by Google Chrome and Microsoft Edge (Chromium). This vulnerability was disclosed on social media on April 12 but appears to be the same flaw that was reported during the Pwn2Own contest held earlier this month. The known vulnerability has been patched in the V8 engine, but yet to be patched in both Chrome and Edge. 

 

While it is concerning that details about a vulnerability in popular web browsers has been publicly

.....Read More

There are reports of a 1-day vulnerability in the V8 JavaScript engine used by Google Chrome and Microsoft Edge (Chromium). This vulnerability was disclosed on social media on April 12 but appears to be the same flaw that was reported during the Pwn2Own contest held earlier this month. The known vulnerability has been patched in the V8 engine, but yet to be patched in both Chrome and Edge. 

 

While it is concerning that details about a vulnerability in popular web browsers has been publicly disclosed, the cause for concern dissipates when you consider that the vulnerability by itself cannot escape Google’s sandbox. This means that an attacker could not compromise the underlying operating system or access confidential information. It’s sort of like clapping your hands; you can’t truly clap with just one hand, you need both. Similarly, in this instance, an attacker would need to chain this V8 vulnerability with a second vulnerability to escape the sandbox.

 

Despite that, we strongly encourage users and organizations alike to ensure they are patching their browsers like Chrome and Edge as soon as possible, as unpatched browsers and systems are ripe targets for cybercriminals and advanced persistent threat groups.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.