Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine.
One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates. This time round the V8 vulnerability is accompanied by a use-after-free vuln in Chrome's rendering engine Blink.
The Blink vuln was discovered during the Zero Day Initiative's Pwn2Own competition last week. No proof-of-concept code has yet been released by legitimate sources, though a very short gif of it in action was published on Twitter by bug hunters Dataflow Security.
Confirmed! The @dfsec_ ..
Support the originator by clicking the read the rest link below.
