A Web-Security technician, Rajvardhan Agarwal, posted a GitHub link on his Twitter account to what appears to be a new flaw in browsers that rely on Chromium: the button engine of browsers such as Chrome, Microsoft Edge, Vivaldi and others.
The vulnerability is defined as type 0-day precisely because it's been zero days since it was recognized by the developer. So he has "zero days" to fix the flaw before anyone can write an exploit for it. By the time the bug is fixed, 0-day loses some of its original importance because it can no longer be used against updated systems.
There is nothing to worry about
Agarwal writes again that the vulnerability was eliminated in the latest update to the engine JavaScript V8. However, we still don't know when this update will reach our devices. The next version of Google Chrome will be number 90 and, of course, it will make the change that fixes this vulnerability. The release date has not yet been set, but is expected in the short term.
Just here to drop a chrome 0day. Yes you read that right.https: //t.co/sKDKmRYWBP pic.twitter.com/PpVJrVitLR
- Rajvardhan Agarwal (@ r4j0x00) April 12, 2021
This demonstration shows that the vulnerability, if inserted into the browser's JavaScript, can start the calculator. This is a small example to demonstrate that within the browser, you can remotely run any executable.
This vulnerability is the same one used by researchers Bruno Keith and Niklas Baumstark of Dataflow Security, for hacking into Google Chrome and Microsoft Edge in the hacker race, del Pwn2Own 2021
Join our community on Facebook, or our Telegram channel to stay up to date on all the news.
