Tuesday, December 3, 2024
HomeCVE/vulnerabilityUnpatched zero-day vulnerability Affecting Current Versions of Google Chrome & Microsoft Edge...

Unpatched zero-day vulnerability Affecting Current Versions of Google Chrome & Microsoft Edge Published Online

Published on

SIEM as a Service

In a daily investigating routine, a security researcher, Rajvardhan Agarwal from India has noted a new zero-day vulnerability code execution affecting major web browsers.

According to the report, this new zero-day vulnerability is affecting the very new version of Google Chrome, Microsoft Edge, and other Chromium-powered browsers like Opera and Brave.  

Rajvardhan noted that this new zero-day flaw has been affecting many tech giants for a long time, and this PoC exploit was actually developed for a vulnerability exploited in the Pwn2Own hacking competition.

- Advertisement - SIEM as a Service

Unpatched zero-day vulnerability

After knowing regarding the vulnerability, Rajvardhan Agarwal immediately published a working proof-of-concept for all the remote code execution. The new PoC was initially released for the V8 JavaScript engine that is present in the Chromium-based browser.

After launching the new PoC for remote code execution, the security analyst Rajvardhan described the PoC HTML file. The analyst remarked that when the files are loaded in Chromium-based browsers, it will eventually exploit the vulnerability.

Once the vulnerability gets launched, it starts launching the Windows calculator program. However, the most important part of the PoC release is that the zero-day vulnerability of Agarwal’s is not escaping the browser’s sandbox.

According to the security researcher, Rajvardhan Agarwal,  the Chrome sandbox is the browser security that plays the role of boundary, and help the sandbox to protect them from all kind of remote code execution vulnerability.

Not only this, but the experts also affirmed that the browser security launch different programs on the host computer so that it will ensure its protection from the vulnerabilities.

The Zero-day that is launched by Agarwal needs to be chained with some other vulnerability so that it can enable all kinds of exploits to evade the Chromium sandbox.

Along with the disabled sandbox, Agarwal’s exploit can be used together to launch the calculator on Windows 10; not only this but the experts also declared that all the procedures are to be maintained properly so that it can execute its job correctly.

After performing the test, the specialists easily exploited the latest versions that are Google Chrome 89.0.4389.114 and Microsoft Edge 89.0.774.76.

Now Google will launch its Chrome 90, a new version to stable the conflicts that are being faced by the users and the company. Once the new version is released, everyone can see that if the new version contains any fix for this zero-day RCE vulnerability.

Moreover, researchers believe that Agarwal’s PoC release had helped them very much, and now they are trying their best to patch the flaw.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability...