Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability

The second and effective zero day on Chromium-based browsers such as Google Chrome and Microsoft Edge was posted consecutively, just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit.

Unless a threat actor chains the new zero-day with an unpatched sandbox escape vulnerability, the new zero-day in its current state cannot harm users unless they disable the sandbox. Browser’s sandbox is a security protection that prevents malicious code from reaching the underlying OS.

Once the sandbox is disabled, the PoC exploits browsers to launch the notepad app on Windows 10 devices. At Qualys labs, we’ve tried to recreate the lab environment and successfully tested the PoC on latest deployment of Chrome (90.0.4430.72) as well as Microsoft Edge (89.0.774.77) browsers.

Image Source: Qualys

Image Source: Qualys

According to latest updates, patches for this new exploit are being worked on and will be available soon as said by the browser giants.

Affected products

  • Google Chrome prior to 90.0.4430.72
  • Microsoft Edge prior to 89.0.774.77

Qualys Detection

Qualys customers can scan their network with QID(S) 375461 and 375463  to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage on latest vulnerabilities.

References and Sources

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html

https://www.youtube.com/embed/qZFzuHNqazo

https://github.com/avboy1337/1195777-chrome0day

https://www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/

https://twitter.com/frust93717815/status/1382307630769598466

https://twitter.com/PatrizioBytes/status/1382416482684964870

Leave a Reply

Your email address will not be published. Required fields are marked *