Couple of days ago, a Indian security researcher have published the POC code for one of the zero-day vulnerability on Google Chrome. Now another zero-day exploit code have been dropped on twitter.
This is the second zero-day remote code execution exploit has been released on Twitter this week that affects Google Chrome (before version 90), Microsoft Edge, and likely other Chromium-based browsers.
The exploit code dropped by the Frust causes the Windows Notepad application to open. frust's remote code execution vulnerability is not capable of escaping Chromium's sandbox security feature. Chromium's sandbox is a security feature that prevents exploits from executing code or accessing files on host computers. Unless a threat actor chains the new zero-day with an unpatched sandbox escape vulnerability, the new zero-day in its current state cannot harm users unless they disable the sandbox.
another chrome 0dayhttps://t.co/QJy24ARKlU— frust (@frust93717815) April 14, 2021
Just here to drop a chrome 0day. Yes you read that right.