Microsoft and Google are working hand in hand on the development of Chromium. A work that has its advantages, as we saw the other day by evoking the solution of the failure that affected YouTube in Windows 10, but also another problem. This is the case of a zero-day threat that affects both browsers.
A risk that can affect both Edge and Chrome and is in fact functional in the most recent versions of both browsers. A threat discovered by a security researcher that can allow remote code execution and therefore launch any application or program without the user activating it.
For Chromium-based browsers
Twitter researcher Rajvardhan Agarwal @ r4j0x00 has discovered and fixed a vulnerability in Edge and Chrome that can facilitate remote code execution. A bug that is functional in the current version of Google Chrome and Microsoft Edge.
Right here to drop a 0day chrome. Yes you read that right https://t.co/sKDKmRYWBP pic.twitter.com/PpVJrVitLR
– Rajvardhan Agarwal (@ r4j0x00) April 12, 2021
The positive part is that this flaw is difficult to execute, as it is limited to Chromium’s sandbox mode, which isolates the process from the rest of the system, so that an attacker cannot access the rest of the applications and system functions. . To do this, it is necessary to use the flags command and the –no-sandbox command to disable sandbox mode.
Via | Bleeping computer