An Indian safety researcher has publicly printed a proof-of-concept (PoC) exploit code for a newly found flaw impacting Google Chrome and different Chromium-based browsers like Microsoft Edge, Opera, and Courageous.
Keith and Baumstark had been awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge.
It seems that Agarwal was in a position to put collectively the PoC by reverse-engineering the patch that Google’s Chromium crew pushed to the open-source element after particulars of the flaw had been shared with the corporate.
“Getting popped with our personal bugs wasn’t on my bingo card for 2021,” Baumstark tweeted. “Undecided it was too sensible of Google so as to add that regression take a look at instantly.”
Whereas Google has addressed the difficulty within the newest model of V8, it is but to make its option to the secure channel, thereby leaving the browsers weak to assaults. Google is predicted to ship Chrome 90 later as we speak, nevertheless it’s not clear if the discharge will embody a patch for the V8 flaw.
We now have reached out to Google, and we are going to replace the story if we hear again.