Top Stories

Soon after Google patched a publicly disclosed zero-day flaw in Google Chrome, another one has popped up on the Google web browser. The exploit was first spotted by a user on Twitter who goes by the name “frust” (via Tom’s Guide). “Just here to drop a Chrome 0day. Yes, you read that right,” the Twitter user said on Wednesday. Frust also shared a GitHub link for a page that contained JavaScript for a proof-of-concept web page that will exploit the flaw. Frust also demonstrated in a YouTube video, that the web page will launch Windows Notepad in Chrome or a related browser. If it can do that, it can do anything the user does. The tipster said that the exploit worked in Chrome version 89.0.4389.128, which was released on April 13.
The new vulnerability is being categorised as a “zero-day” flaw because the software developers had “zero days” to fix it. The Tom’s Guide report also said that the proof-of-concept hack works in a fully patches version of Microsoft Edge. It also said that other Chromium-based browsers like Brace, Opera, and Vivaldi are also at risk. As with previous “zero-day” flaws, this one also comes with a condition – the targeted browser has to have its sandboxing turned off. Sandboxing is a process that prevents malicious processes in a browser from escaping into the surrounding operating system. “Escaping” a sandbox is considered as an achievement in hacking. The newly-found exploit isn’t able to escape the Sandbox.
So, what can users do to protect themselves and their machines from the zero-day flaw? Currently, there isn’t much to do about this flaw, except using Firefox or Safari instead. However, it is unlikely that malicious hackers will be using this flaw to attach Chrome or Edge in the short term. Google had fixed the previous zero-day flaw in six days, hence, it can be expected that the company will do something about this in a similar time-frame.
Read all the Latest News and Breaking News here

On By marabye

You may also like

The Newsreader review: Exhilirating Australian prestige drama

Exhilirating and compulsive, each episode of new Australian drama The Newsreader will leave you buzzing.You’re going to want more and...

Local shares fell on Friday as investors make last-minute adjustments to their portfolios ahead of the main index’s rebalancing, while unease over rising infections grows.

MANILA, Philippines – Local shares fell on Friday as investors make last-minute adjustments to their portfolios ahead of the main...

There’s a military adage that no plan survives first contact with the enemy. While we haven’t gone to war with Mars, at least not yet, it does seem to be a place where the best-laid sci…

There’s a military adage that no plan survives first contact with the enemy. While we haven’t gone to war with...

Uber will offer access to its platform to regular taxi drivers in Colombia, replicating a move it has already rolled out in other countries in Latin America and Europe since last year.

Ride-hailing app Uber will offer access to its platform to regular taxi drivers in Colombia, it said on Wednesday, replicating a...