PoC Exploit for Chromium Browsers Published Online
Indian security researcher Rajvardhan Agarwal has published a PoC exploit for a recently discovered vulnerability affecting Google Chrome, Microsoft Edge and other Chromium-based browsers such as Opera and Brave. According to Agarwal, the PoC targets a vulnerability exploited at the Pwn2Own hacking competition, which took place last week.
During the competition, Bruno Keith and Niklas Baumstark of the information security company Dataflow Security exploited a vulnerability in Chrome and Edge to execute malicious code, earning a $100,000 reward. Under the rules of the competition, details of the issue were reported directly to the Chrome security team so that a fix could be prepared as quickly as possible.
Although the details of the vulnerability were not publicly disclosed, Agarwal identified the commits that fix it by reviewing the source history of V8, the JavaScript engine used by Chromium-based browsers, and from the patch he was able to recreate the exploit used at Pwn2Own.
Although the Chromium developers patched the vulnerability in V8 last week, the fix has not yet shipped in the stable releases of popular Chromium-based browsers, including Chrome and Edge, which therefore remain vulnerable.
To be fair to Agarwal, the exploit he published does not allow an attack to be carried out end to end. It achieves code execution inside the browser's renderer process, which is the first stage of a typical browser attack; to reach the underlying OS, an attacker still needs a second stage that escapes the browser sandbox. A full-fledged attack therefore requires a separate sandbox-escape bug that the published PoC does not include.
The exploit is nonetheless a threat, because it can be used against services running embedded or standalone builds of Chromium, where the sandbox is not always enabled: on Linux it depends on OS facilities such as unprivileged user namespaces or a SUID helper, and it is commonly switched off (for example with the --no-sandbox flag) in containers, in headless automation, or when the process runs as root. In those deployments, renderer code execution alone is enough to compromise the host.
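The practical check a defender wants after reading the above is whether any Chromium-based process on a host is running with the sandbox disabled, since that is exactly the configuration in which a renderer-only exploit like this one becomes a full compromise. The following is an added example, not code from the article or from Agarwal; it scans process listings in the shape of `ps -eo pid,args` for Chromium-family binaries launched with `--no-sandbox` or `--disable-setuid-sandbox`. The `SAMPLE_PS` listing is constructed for illustration and is not output from any real host.

```shell
#!/bin/sh
# Added example: flag Chromium-family processes (chrome, chromium, electron,
# msedge) whose command line disables the browser sandbox.
# Input is one process per line in the form produced by `ps -eo pid,args`.

# Constructed sample listing (not captured from a real system).
SAMPLE_PS='  101 /opt/google/chrome/chrome --type=renderer --enable-crashpad
  202 /usr/lib/electron/electron /app/main.js --no-sandbox
  303 /usr/bin/chromium-browser --headless --disable-gpu --no-sandbox --remote-debugging-port=9222
  404 /usr/bin/firefox -P default
  505 node /srv/render/index.js
  606 /usr/lib/chromium/chromium --disable-setuid-sandbox --type=zygote'

# Print "<pid>\t<binary>" for every Chromium-family process in the listing
# that was started with --no-sandbox or --disable-setuid-sandbox.
# $1: the process listing text.
find_unsandboxed() {
    printf '%s\n' "$1" | awk '
        # $1 is the pid, $2 the executable path; match on the executable name
        # so that unrelated processes (firefox, node) are ignored.
        tolower($2) ~ /(chrome|chromium|electron|msedge)/ &&
        ($0 ~ /(^|[[:space:]])--no-sandbox([[:space:]]|$)/ ||
         $0 ~ /(^|[[:space:]])--disable-setuid-sandbox([[:space:]]|$)/) {
            print $1 "\t" $2
        }'
}

# Number of unsandboxed Chromium-family processes in the listing.
# $1: the process listing text.
count_unsandboxed() {
    find_unsandboxed "$1" | wc -l | tr -d ' '
}

# Demonstration on the constructed sample: 202, 303 and 606 are flagged,
# 101 runs sandboxed and 404/505 are not Chromium at all.
find_unsandboxed "$SAMPLE_PS"
```

To run the same check against a live Linux host, pass the real listing instead of the sample, e.g. `find_unsandboxed "$(ps -eo pid,args)"`. A hit is not automatically a finding (some container images cannot run the sandbox at all), but every hit is a process for which a V8 renderer exploit needs no sandbox escape.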