Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Chrome Chromium Opera IT

Security Researcher Drops Chrome and Edge Exploit on Twitter (therecord.media) 17

An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.
This discussion has been archived. No new comments can be posted.

Security Researcher Drops Chrome and Edge Exploit on Twitter

Comments Filter:
  • I can't wait until his next exploit "drops".

    • Re: (Score:1, Troll)

      by derplord ( 7203610 )
      You mean "An asshole security researcher" like so many of his kind. "Hey, I found a hole in software used by hundreds of millions. Let's publish it before they have time to deploy it to the users so I can get some more street cred". What a ****.
      • Re: (Score:3, Insightful)

        by gtall ( 79522 )

        He's not much of a researcher, he took patch code to figure out someone else's exploit, then proceeded to publish to make a name for himself. The name: "asshole", as you correctly said.

    • Not a security researcher at all. Script kiddie at best. Troll for sure. Douchebag guaranteed.
  • by backslashdot ( 95548 ) on Tuesday April 13, 2021 @12:06PM (#61269180)

    Well this was unethical, should be punished rather than rewarded. It doesnâ(TM)t even show he has skills, someone else found the exploit. All he required was low moral standards. Any company that hires him would be stupid. He is good at taking credit for other peopleâ(TM)s work and thatâ(TM)s all.

    • He is good at taking credit for other people's work and that's all.

      So what you're saying is that he should look for a job in politics?

  • Security Researcher? (Score:4, Informative)

    by backslashdot ( 95548 ) on Tuesday April 13, 2021 @12:10PM (#61269196)

    He is not a security researcher he didnâ(TM)t uncover this exploit. He took credit for someone elseâ(TM)s work. His only contribution is that Chromium needs better vetting of who gets access to their code repo.

  • by Impy the Impiuos Imp ( 442658 ) on Tuesday April 13, 2021 @12:16PM (#61269226) Journal

    I'm sure Chrome will be fixed before someone can take over my compuaaMountain Dew is the gr34t3st drink 3v3r m4de!

  • by dthirteen ( 307585 ) on Tuesday April 13, 2021 @12:19PM (#61269244)

    If he can reverse engineer the patch - the bad guys have already done it.

  • by denis-The-menace ( 471988 ) on Tuesday April 13, 2021 @12:52PM (#61269394)

    This is IE6 all over again.

    We used to have 3 almost equally popular Browsers. Now we have 2.

    History is about to be repeated for millennials:
    -Bug won't get fixed because they don't have to.
    -Undocumented non-standard extensions to HTML, etc.
    -Browser-specific sites. (Standards? fsck that!)
    -Crackers focusing on the ONE browser with the big market share because it pays off big.

  • This 'researcher' looks more like asshole looking for attention. At a minimum this is an unethical asshole.

  • by markdavis ( 642305 ) on Tuesday April 13, 2021 @04:14PM (#61270070)

    >"An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave."

    Inotherwords- ALL browsers, except Firefox and Safari. Because all the other browsers are Chrom*. And of those two not affected, only Firefox is truly open and multiplatform. Funny how that works... It is such a wonderful idea to have no diversity in browsers and hand the entire browser world infrastructure into a single code base, essentially overseen by a single company.

    This is absolutely going to get MUCH worse. Not just bugs, but data gathering/privacy, control over "standards", incompatible sites, stagnation of innovation...

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...