Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
New Zero-Day Vulnerability Found in Google Chrome and Microsoft Edge Posted on Twitte
#1
Exclamation 
Quote:
[Image: Heimdal-Security-News-and-Updates-1030x360-6.png]

An Update to Google’s Browser that Fixes the Zero-Day Vulnerability Is Expected to Be Released Next Week.

Not long after Google patched a publicly divulged zero-day vulnerability in Google Chrome, another one has appeared on the Google web browser.

Apparently, the new zero-day vulnerability impacts the current versions of Google Chrome and possibly other browsers as well, like Microsoft Edge, that uses the Chromium framework.

What Is A Zero-Day Vulnerability?
 
Quote:The term “Zero-day” is an imaginative time, as this type of cyberattack happens in less than a day since the awareness of the security flaw. Thereby, not giving developers ample time to eradicate or mitigate the potential risks associated with this vulnerability.

The exploit was first noticed on Wednesday by a user on Twitter who goes by the name frust. The tweet also included a link to a GitHub page containing JavaScript for a proof-of-concept web page that will use the vulnerability.

https://twitter.com/frust93717815/status...ft-edge%2F

As frust showed in a YouTube video, the web page will open Windows Notepad in Chrome or an associated browser. If it can do that, it can do anything the user does. Other Chromium-derived desktop browsers, such as Brave, Opera, and Vivaldi are also in danger.

The researcher stated that the exploit worked in Chrome version 89.0.4389.128, which was released on April 13.

According to a published report from Recorded Future, as with previous zero-day flaws, threat actors would still need to escape the Chrome browser “sandbox,” a security feature preventing browser-specific code from reaching the basic operating system, to complete full Remote Code Execution (RCE).

The newly-found exploit can’t harm users in its current state since it isn’t able to escape the Sandbox, but if it were to be combined with another attack, maybe through a separate malware infection able to disable the browser sandboxing, then victims would get infected.

According to BleepingComputer, the new zero-day vulnerability runs by launching the current versions of Google Chrome and Microsoft Edge using the –no-sandbox argument, which deactivates the sandbox security function. Once the sandbox is disabled, the flaw could launch Notepad on Google Chrome 89.0.4389.128 and Microsoft Edge 89.0.774.76, which are the newest versions of both browsers.

Google was planned to release Chrome 90 for Desktop on April 13th, but instead released the new version of Chrome to fix the zero-day vulnerability released on Monday.

Meantime, you need to know what to do to protect yourself and your devices from this new zero-day vulnerability. It’s true, it isn’t much you can do about it at this moment, but if you are worried you can use Firefox or Safari instead.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>