Google has released a new version of Chrome for Windows, Mac and Linux, in which developers are patching two recently discovered 0-day vulnerabilities. According to the company, exploits are already available for these bugs. Problems received identifiers CVE-2021-21206 and CVE-2021-21220.
The exploit was published a few days later by Indian researcher Rajvardhan Agarwal, who managed to find the bug by examining the patches in the V8 source code.
Google confirmed that the patch was specifically related to this issue, and also explained that the vulnerability was due to incorrect validation of untrusted inputs in V8 for x86-64.
Interestingly, Agarwal told The Hacker News that there is another vulnerability fixed in the latest version of V8, for which the patch was not included in the updated version of Chrome.
The second vulnerability fixed in the Google browser (CVE-2021-21220) is of the use-after-free type and was found in the Blink engine. It is known that an anonymous researcher notified the company about it on April 7.
Twitter posted the second exploit this week for a zero-day vulnerability in Chromium, which affects Chrome, Edge and probably other browsers.
Proof of concept exploit was published by a researcher known as frust.
The specialist also published a video demonstrating the exploitation of the vulnerability.
As well as the first bug, the vulnerability found by frust prevents escape from the Chromium sandbox. That is, the attacker will first need to get out of the sandbox by combining the problem with other vulnerabilities. For example, the vulnerability works in Chrome (89.0.4389.128) and Edge (89.0.774.76) if you use the –no-sandbox argument.
It is not yet clear if this issue is fixed in the new Chrome 90 released the day before.
Let me remind you that researcher discovered that Chrome Sync function can be used to steal data.