Author: Melodie Foster

Date: 14th April 2021

 

A security researcher posted working exploit code on Twitter that would lead to remote code execution. The researcher said it affects the current versions of Google Chrome and may also affect other browsers that use the Chromium framework, such as Microsoft Edge.

This was the result of an ethical hacking contest held last week, where the rules stipulate that the Chrome security team receives details of the code so that it can patch the vulnerability as soon as possible. However, at the time of writing, a patch has not yet been released to browsers that use Chromium, so Chrome, Edge and other browsers are potentially vulnerable to exploitation.

The published exploit includes an HTML file and its corresponding JavaScript file which, when loaded into a Chromium-based browser, would launch the calculator program. Attackers would then need to escape the Chrome browser sandbox to be able to execute code remotely; the researcher did not post a full exploit chain that would allow for escaping the sandbox. The researchers who found the vulnerability were awarded $100,000.

Google is expected to release a patch to fix the vulnerability on Tuesday.[1]

[1] https://threatpost.com/chrome-zero-day-exploit-twitter/165363/

 
