Researcher publishes Google Chrome exploit

[silversurfer]

Vulnerability patched in Chrome's V8 JavaScript engine, but the fix has not yet reached the Chrome stable branch.

A security researcher has published today proof-of-concept code for an unpatched Google Chrome vulnerability.

The security flaw has been fixed in V8, Chrome's JavaScript engine, but the fix has not yet reached the browser's stable version --v73-- the one used by an estimated over one billion users.

The exploit code was put together by István Kurucsai, a security researcher for Exodus Intelligence, and released today on GitHub, along with a demo video (see above).
 
The reason why the researcher published this proof-of-concept exploit code was to highlight a glaring hole in Google's patching process, which allows for a small interval of time during which attackers can develop Chrome exploits and launch attacks on users.

This gap comes from Chrome's IT supply chain, which involves importing and testing code from different open source projects.
 
In this case, Google engineers fixed a V8 security issue on March 18, which it later become public in the V8 project's changelog and source code, but had yet to reach the Chrome Stable release.

SOURCE: https://www.zdnet.com/article/researcher...e-exploit/