Issues within Chromium
, the engine behind Google Chrome and Microsoft Edge, have been popping up left and right lately
. That trend is not set to end any time soon, it seems, as a new zero-day Chromium vulnerability has been found with a working proof of concept posted to GitHub.
Yesterday, Twitter user Frust posted that they were “Just here to drop a chrome 0day,” along with a link to the GitHub hosting the information. The GitHub repository currently contains a proof-of-concept webpage that will exploit the flaw within Chromium.
This flaw was demonstrated in a YouTube video that we posted below, showing proof-of-concept
working in the latest version of Chrome. The only major catch with this is that the browser must have sandboxing turned off for the exploit
to work. Sandboxing is the method by which Chromium browsers protect against malicious web apps accessing things outside the browser.
Therefore, to work in the wild, an attacker would need to have something that disables the sandbox mode and then have the user go to a malicious site. With this requirement, the attack would be incredibly difficult to execute and thus not appear often.
If you are concerned, however, you can use always non-Chromium-based browsers such as Firefox, or simply wait for Google and Microsoft to patch their respective browsers. Either way, let us know what you think of all the Chromium zero-days popping up in the comments below.