



Shortly after Google patched the zero-day exploit published in Chrome, another exploit popped up.

“I’m just here to drop a chrome zero-day. Yes, you’re reading that right,” Twitter user Frust announced early today (April 14).

Another chrome 0day https: //t.co/QJy24ARKlU Just drop chrome 0day here. Yes, you are reading that right. April 14, 2021

The tweet contained a link to a GitHub page that contained JavaScript for a proof-of-concept web page that exploited the flaw.

As shown in the YouTube video, the web page launches Windows Notepad in Chrome or an associated browser. If you can do that, you can do whatever the user can do.

Frust has revealed that this exploit will work with Chrome version 89.0.4389.128 released yesterday (April 13th).

This new vulnerability is considered a “zero-day” flaw. This is because software developers, in this case Google staff and volunteers working on the open source Chromium project, had a “zero day” to fix exploits before they started appearing on “zero days.” .. “

Tom’s Guide can confirm that the proof-of-concept hack actually works in a fully patched version of Microsoft Edge, but I couldn’t get it to work in Chrome.

Other Chromium-derived desktop browsers such as Brave, Opera and Vivaldi are also at risk.

This was two days after another Twitter user posted another Chrome flaw, but after it was revealed that he had found a hacking that won the Pwn2Own contest last week, “zero-day.” I dialed back the label.

The Chrome version released a flawed yesterday’s patch.

Stay in your sandbox, kids

As with the previous “zero-day”, this is problematic. The sandbox must be turned off in the target browser.

Sandboxes prevent malicious processes in your browser from escaping to surrounding operating systems. Sandbox “escape” is a desirable outcome in hacking.

This exploit is not its glorious roster. However, when combined with another attack that could disable sandboxing of the browser, perhaps through another malware infection, a malicious website could unknowingly access the program on your PC. And may run.

Also, Chrome / Chromium flaws are often “platform independent” and can be exploited on Mac and Linux boxes as well.

What to do about this

So what can you do about this? Not so many at this time, except using Firefox or Safari if you’re really worried. Malicious people are unlikely to use it to attack Chrome or Edge in the short term.

A successful attack must be combined with a second exploit, so running either the best Windows 10 antivirus program or the best Mac antivirus program will give you a fair amount of protection.

Google fixed a previous Chrome zero-day flaw in 6 days. Let’s hope the developers can fix this a little sooner.

