An Indian safety researcher has publicly printed a proof-of-concept (PoC) exploit code for a newly found flaw impacting Google Chrome and different Chromium-based browsers like Microsoft Edge, Opera, and Courageous.
Keith and Baumstark had been awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge.
It seems that Agarwal was capable of put collectively the PoC by reverse-engineering the patch that Google’s Chromium group pushed to the open-source element after particulars of the flaw had been shared with the corporate.
“Getting popped with our personal bugs wasn’t on my bingo card for 2021,” Baumstark. “Undecided it was too sensible of Google so as to add that regression take a look at straight away.”
Whereas Google has addressed the problem within the newest model of V8, it is but to make its solution to the secure channel, thereby leaving the browsers weak to assaults. Google is anticipated to ship Chrome 90 later at the moment, however it’s not clear if the discharge will embrace a patch for the V8 flaw.
We’ve reached out to Google, and we are going to replace the story if we hear again.