Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine.


One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates. This time round the V8 vulnerability is accompanied by a use-after-free vuln in Chrome's rendering engine Blink.

The Blink vuln was discovered during the Zero Day Initiative's Pwn2Own competition last week. No proof-of-concept code has yet been released by legitimate sources, though a very short gif of it in action was published on Twitter by bug hunters Dataflow Security.



Confirmed! The @dfsec_it team of @bkth_ & @_niklasb used a Type Mismatch bug to exploit the #Chrome renderer and #Microsoft #Edge. They earn $100,000 total and 10 Master of Pwn points. #Pwn2Own pic.twitter.com/6mpl5GPz6c


— Zero Day Initiative (@thezdi) April 7, 2021

Nonetheless, Google warned in its update notes for th ..