Researchers failed to find an exploit used for remote code execution (RCE) in Chrome but found and analyzed an elevation-of-privilege exploit used to escape the sandbox and obtain system privileges.
As researchers didn't find the RCE in Chrome, they looked elsewhere and discovered a possible candidate. On April 12, Chromium developers committed two (issue 1196683, issue 1195777) Typer-related bug fixes to the open source repository of V8 — a JavaScript engine used by Chrome and Chromium web browsers. This was after a team in a Pwn2Own competition demonstrated successful exploitation of the Chrome renderer process using a Typer Mismatch bug.
"One of these bug fixes (issue 1196683) was intended to patch a vulnerability that was used during Pwn2Own, and both bug fixes were committed together with regression tests – JavaScript files to trigger these vulnerabilities," said researchers.