Researchers failed to find an exploit used for remote code execution (RCE) in Chrome but found and analyzed an elevation-of-privilege exploit used to escape the sandbox and obtain system privileges.
As researchers didn t find the RCE in Chrome, they looked elsewhere and discovered a possible candidate. On April 12, Chromium developers committed two (issue 1196683, issue 1195777) Typer-related bug fixes to the open source repository of V8 a JavaScript engine used by Chrome and Chromium web browsers. This was after a team in a Pwn2Own competition demonstrated successful exploitation of the Chrome renderer process using a Typer Mismatch bug. One of these bug fixes (issue 1196683) was intended to patch a vulnerability that was used during Pwn2Own, and both bug fixes were committed together with regression tests – JavaScript files to trigger these vulnerabilities, said researchers.
Kaspersky trio spots Vista-era zero-days exploited through Chrome Wednesday, 09 June 2021 10:43 Kaspersky trio spots Vista-era zero-days exploited through Chrome Featured Pixabay
Global security firm Kaspersky has revealed that targeted attacks against a number of companies, which it noticed in April, initially used a vulnerability in Google s Chrome browser and then linked this to two zero-days in the Microsoft Windows 10 kernel.
Researchers Costin Raiu, Boris Larin and Alexey Kulaev said in
a detailed blog post that they had been unable to find the exploit used for remotely exploiting Chrome.
This is not surprising as Google s Project Zero team has rarely revealed full details about zero-days in its own products.
Chrome, Edge users told not to overly panic over one-day bug Wednesday, 14 April 2021 10:33 Chrome, Edge users told not to overly panic over one-day bug
Shares Image by Deepanker Verma from Pixabay
Users of the Google Chrome and Microsoft Edge browsers have been told that they need not hold too many fears over a one-day vulnerability in the V8 JavaScript engine used by the two applications, but should still patch as and when patches were made available.
The
bug was disclosed on Twitter by an Indian researcher, Rajvardhan Agarwal, on Tuesday. Edge is based on the engine in Google s open-source Chromium browser.
Chrome and Chromium updated after yet another exploit is found in browser s V8 JavaScript engine theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.