Indian security researcher Rajvardhan Agarwal has released proof-of-concept (PoC) exploit code for a vulnerability that mainly impacts web browsers.
This flaw was demonstrated at the Pwn2Own 2021 hacking contest and was initially discovered by Bruno Keith and Niklas Baumstark from Dataflow Security. The duo was awarded $100,000 for exploiting this flaw to run malicious code on Chrome and Edge.
About the Proof of Concept
Agarwal was able to launch the Windows calculator app through the exploit. He was able to develop the PoC by reverse-engineering the Chromium team’s patch after the flaw was shared with the company.
Screenshot shared by Agarwal on his Twitter account:
Google Has Fixed the Issue
It is worth noting that Google has fixed the issue in the latest V8 version, but the fix hasn’t yet reached the stable channel. Therefore, many browsers are currently vulnerable to exploitation. Google may ship Chrome 90 anytime now, and we aren’t sure if it will have a patch for the V8 flaw.