Google has released a new version of Chrome for Windows, Mac and Linux that patches two recently discovered 0-day vulnerabilities. According to the company, exploits for these bugs are already available. The issues have been assigned the identifiers CVE-2021-21206 and CVE-2021-21220.
The CVE-2021-21206 vulnerability was discovered in the V8 JavaScript engine and is related to the RCE exploit published earlier this week. Let me remind you that this bug was used to compromise Chrome and Edge by experts from the Dataflow Security team, who eventually received $100,000 for this vulnerability at the recently concluded Pwn2Own competition.
The exploit was published a few days later by Indian researcher Rajvardhan Agarwal, who managed to find the bug by examining the patches in the V8 source code.
Google confirmed that the patch was specifically related to this issue, and also explained that the vulnerability was due to incorrect validation of untrusted inputs in V8 for x86-64.
Interestingly, Agarwal told The Hacker News that there is another vulnerability fixed in the latest version of V8, for which the patch was not included in the updated version of Chrome.
The second vulnerability fixed in the Google browser (CVE-2021-21220) is a use-after-free bug found in the Blink engine. An anonymous researcher is known to have reported it to the company on April 7.
A second exploit for a zero-day vulnerability in Chromium, which affects Chrome, Edge and probably other browsers, was posted on Twitter this week.
The proof-of-concept exploit was published by a researcher known as frust.
The specialist also published a video demonstrating the exploitation of the vulnerability.
Like the first bug, the vulnerability found by frust does not escape the Chromium sandbox; an attacker would first need to break out of the sandbox by chaining it with other vulnerabilities. For example, the vulnerability works in Chrome (89.0.4389.128) and Edge (89.0.774.76) if the browser is launched with the --no-sandbox argument.
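Because the published proof of concept only works when the browser runs with --no-sandbox, a practical defender check is to look for Chromium-based browsers that were started with that flag. The following is an added example, not code from the article or from any of the researchers it names; it parses constructed ps-style output (the sample lines, PIDs and paths are made up), and the set of browser binary names it recognises is an assumption.

```python
"""Flag Chromium-based browser processes launched with the sandbox disabled.

Added example (not from the article). Parses `ps -eo pid,args`-style text
and reports Chrome/Edge processes started with --no-sandbox, the condition
under which the article says the published proof of concept works without
a separate sandbox-escape bug.
"""
import re
import shlex
from typing import Dict, List

# Constructed sample of `ps -eo pid,args` output; not real host data.
SAMPLE_PS_OUTPUT = """\
  PID ARGS
 1402 /opt/google/chrome/chrome --type=renderer --no-sandbox --lang=en-US
 1410 /opt/google/chrome/chrome --profile-directory=Default
 2201 /usr/bin/microsoft-edge --no-sandbox --kiosk https://intranet.example
 2300 /usr/bin/python3 /home/user/tool.py --no-sandbox
 2410 /usr/lib/firefox/firefox
"""

# Assumed binary names for Chromium-based browsers on Linux/Windows.
BROWSER_BINARY = re.compile(
    r"(chrome|chromium|msedge|microsoft-edge)(-stable|-beta)?(\.exe)?$",
    re.IGNORECASE,
)


def parse_ps(output: str) -> List[Dict[str, object]]:
    """Turn ps-style text into {pid, argv} records, skipping the header line."""
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("PID"):
            continue
        pid_str, _, args = line.partition(" ")
        if not pid_str.isdigit():
            continue
        records.append({"pid": int(pid_str), "argv": shlex.split(args)})
    return records


def is_chromium_browser(argv: List[str]) -> bool:
    """True if argv[0] looks like a Chrome/Edge executable (path-agnostic)."""
    if not argv:
        return False
    basename = re.split(r"[\\/]", argv[0])[-1]
    return BROWSER_BINARY.search(basename) is not None


def find_unsandboxed_browsers(output: str) -> List[int]:
    """Return PIDs of Chromium-based browsers whose command line has --no-sandbox.

    Non-browser processes that happen to use a --no-sandbox flag (e.g. a
    local tool) are ignored so the report is not padded with false positives.
    """
    hits = []
    for rec in parse_ps(output):
        argv = rec["argv"]
        if is_chromium_browser(argv) and "--no-sandbox" in argv[1:]:
            hits.append(rec["pid"])
    return hits


if __name__ == "__main__":
    for pid in find_unsandboxed_browsers(SAMPLE_PS_OUTPUT):
        print(f"browser running without sandbox: pid {pid}")
```

On a real host, feed the function the output of `ps -eo pid,args` (or the equivalent process listing on Windows). A hit means one defensive layer is already gone, so a renderer bug like the ones described above would no longer need a second vulnerability to reach the OS; the fix is to remove the flag from the launcher or policy, not to rely on a browser update alone.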
It is not yet clear if this issue is fixed in the new Chrome 90 released the day before.
Let me remind you that a researcher discovered that the Chrome Sync function can be used to steal data.