Friday, March 29, 2024

Unpatched zero-day vulnerability Affecting Current Versions of Google Chrome & Microsoft Edge Published Online

In a daily investigating routine, a security researcher, Rajvardhan Agarwal from India has noted a new zero-day vulnerability code execution affecting major web browsers.

According to the report, this new zero-day vulnerability is affecting the very new version of Google Chrome, Microsoft Edge, and other Chromium-powered browsers like Opera and Brave.  

Rajvardhan noted that this new zero-day flaw has been affecting many tech giants for a long time, and this PoC exploit was actually developed for a vulnerability exploited in the Pwn2Own hacking competition.

Unpatched zero-day vulnerability

After knowing regarding the vulnerability, Rajvardhan Agarwal immediately published a working proof-of-concept for all the remote code execution. The new PoC was initially released for the V8 JavaScript engine that is present in the Chromium-based browser.

After launching the new PoC for remote code execution, the security analyst Rajvardhan described the PoC HTML file. The analyst remarked that when the files are loaded in Chromium-based browsers, it will eventually exploit the vulnerability.

Once the vulnerability gets launched, it starts launching the Windows calculator program. However, the most important part of the PoC release is that the zero-day vulnerability of Agarwal’s is not escaping the browser’s sandbox.

According to the security researcher, Rajvardhan Agarwal,  the Chrome sandbox is the browser security that plays the role of boundary, and help the sandbox to protect them from all kind of remote code execution vulnerability.

Not only this, but the experts also affirmed that the browser security launch different programs on the host computer so that it will ensure its protection from the vulnerabilities.

The Zero-day that is launched by Agarwal needs to be chained with some other vulnerability so that it can enable all kinds of exploits to evade the Chromium sandbox.

Along with the disabled sandbox, Agarwal’s exploit can be used together to launch the calculator on Windows 10; not only this but the experts also declared that all the procedures are to be maintained properly so that it can execute its job correctly.

After performing the test, the specialists easily exploited the latest versions that are Google Chrome 89.0.4389.114 and Microsoft Edge 89.0.774.76.

Now Google will launch its Chrome 90, a new version to stable the conflicts that are being faced by the users and the company. Once the new version is released, everyone can see that if the new version contains any fix for this zero-day RCE vulnerability.

Moreover, researchers believe that Agarwal’s PoC release had helped them very much, and now they are trying their best to patch the flaw.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles