New Zero-Day Vulnerability Found in Google Chrome and Microsoft Edge Posted on Twitter
An Update to Google’s Browser that Fixes the Zero-Day Vulnerability Is Expected to Be Released Next Week.
Not long after Google patched a publicly divulged zero-day vulnerability in Google Chrome, another one has appeared in the Google web browser.
Apparently, the new zero-day vulnerability impacts the current versions of Google Chrome and possibly other browsers that use the Chromium framework as well, like Microsoft Edge.
What Is A Zero-Day Vulnerability?
The term “zero-day” refers to an imaginary time frame: this type of cyberattack happens less than a day after the security flaw becomes known. This does not give developers ample time to eradicate or mitigate the potential risks associated with the vulnerability.
another chrome 0day https://t.co/QJy24ARKlU
Just here to drop a chrome 0day. Yes you read that right.
— frust (@frust93717815) April 14, 2021
As frust showed in a YouTube video, the web page will open Windows Notepad in Chrome or an associated browser. If it can do that, it can do anything the user does. Other Chromium-derived desktop browsers, such as Brave, Opera, and Vivaldi, are also in danger.
The researcher stated that the exploit worked in Chrome version 89.0.4389.128, which was released on April 13.
According to a published report from Recorded Future, as with previous zero-day flaws, threat actors would still need to escape the Chrome browser “sandbox,” a security feature preventing browser-specific code from reaching the basic operating system, to complete full Remote Code Execution (RCE).
The newly found exploit can’t harm users in its current state since it isn’t able to escape the sandbox, but if it were to be combined with another attack, maybe through a separate malware infection able to disable the browser sandboxing, then victims would get infected.
According to BleepingComputer, the new zero-day exploit works when the current versions of Google Chrome and Microsoft Edge are launched with the --no-sandbox argument, which deactivates the sandbox security function. Once the sandbox is disabled, the exploit could launch Notepad on Google Chrome 89.0.4389.128 and Microsoft Edge 89.0.774.76, which are the newest versions of both browsers.
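Since the exploit only works with the sandbox switched off, a useful defensive check is to look for Chromium-based browsers that were started with --no-sandbox. The Python below is an added example, not code from the article or the researcher; the record layout (host, image path, command line), the executable names and the sample records are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Default executable names of the Chromium-based browsers named in the article
# (assumed names; extend the set for renamed or portable builds).
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
FLAG = "--no-sandbox"

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed process-creation records: (host, image path, command line).
SAMPLE_EVENTS = [
    ("ws-01", CHROME, f'"{CHROME}" --no-sandbox https://example.test/'),
    ("ws-02", CHROME, f'"{CHROME}" "https://example.test/?q=--no-sandbox"'),
    ("ws-03", EDGE, f'"{EDGE}" --type=renderer --NO-SANDBOX'),
    ("ws-04", r"C:\Windows\System32\notepad.exe", "notepad.exe --no-sandbox"),
    ("ws-05", CHROME, f'"{CHROME}" --user-data-dir="C:\\tmp x" --new-window'),
]

def tokenize(cmdline):
    """Split a Windows command line, keeping quoted segments in one token."""
    return [t.replace('"', "") for t in re.findall(r'(?:"[^"]*"|\S)+', cmdline)]

def check_event(event):
    """Return a finding dict if a Chromium browser runs unsandboxed, else None."""
    host, image, cmdline = event
    exe = PureWindowsPath(image).name.lower()
    if exe not in CHROMIUM_BROWSERS:
        return None
    tokens = tokenize(cmdline)
    # Compare switch names only, so a URL that merely contains the text
    # "--no-sandbox" is not mistaken for the switch. Case is ignored to be
    # conservative.
    switches = {t.split("=", 1)[0].lower() for t in tokens if t.startswith("--")}
    if FLAG not in switches:
        return None
    # Child processes carry --type=<role>; the main browser process has none.
    role = next((t.split("=", 1)[1] for t in tokens
                 if t.lower().startswith("--type=")), "browser")
    return {"host": host, "exe": exe, "role": role}

def scan(events):
    """Return findings for every record that shows an unsandboxed browser."""
    return [f for f in map(check_event, events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```
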
Google had planned to release Chrome 90 for Desktop on April 13th, but instead released the new version of Chrome to fix the zero-day vulnerability released on Monday.
In the meantime, you need to know what to do to protect yourself and your devices from this new zero-day vulnerability. It’s true that there isn’t much you can do about it at this moment, but if you are worried, you can use Firefox or Safari instead.