Indian security researcher Rajvardhan Agarwal recently published proof-of-concept code for a brand-new vulnerability affecting Google Chrome, Microsoft Edge, Brave, and Opera (all Chromium-based).
Agarwal’s Proof-of-Concept Exploit Code for the New Chromium Flaw
How did Agarwal come up with the PoC code?
The researcher most likely reverse-engineered the patch released by Chromium’s team shortly after details of the vulnerability were shared with Google.
Indeed, Google has released a patch addressing the flaw in the latest version of V8. However, the patch hasn’t been applied to the stable channel, creating an opportunity for hackers to exploit vulnerable browsers. You should be on the lookout for Chrome 90, which should be released later today.
Last year, Google patched another bug in Chrome for desktop – CVE-2020-16009, described as an inappropriate implementation flaw in V8. The bug was exploited in remote execution attacks through a crafted HTML page.
Protection against vulnerabilities in Chromium-based browsers
On the positive side, Google and Microsoft are planning a new security improvement for Microsoft Edge and Google Chrome. Both Chromium-based browsers will support a new security feature provided by Intel. The feature, called CET (Control-flow Enforcement Technology), is designed to keep vulnerabilities from being exploited.