PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers

On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers based on Google’s open-source Chromium project. The researchers demonstrated the exploit against both Chrome and Microsoft Edge. Visiting a specially crafted website is required to trigger the exploit.

Google has started working on a patch, but it has yet to be rolled out to regular users. In the meantime, 18-year-old researcher Rajvardhan Agarwal, who describes himself as an exploit developer, noticed a change that Google made to the V8 JavaScript engine used by Chrome in response to the vulnerability disclosed by Keith and Baumstark. That change enabled him to develop an exploit for the flaw.
