While this zero-day vulnerability has already been publicly disclosed, it has not yet been patched in the latest version of Chrome or Edge.
- We've compiled a list of the best browsers around
- These are the best endpoint protection solutions on the market
- Also check out our roundup of the best ransomware protection
In order for Agarwal's exploit to work, it needs to be chained to another vulnerability that could allow it to get out of of the Chromium sandbox. To test the exploit, BleepingComputer launched both Chrome and Edge with the –no-sandbox flag enabled and from there, the news outlet was able to use the exploit to launch the calculator on a system running Windows 10.
Although releasing a zero-day exploit on Twitter is controversial on its own, some users on the social network took issue with the fact that Agarwal didn't credit Bruno Keith and Niklas Baumstark from Dataflow Security that first discovered the vulnerability. However, Agarwal claims that he wasn't aware that they had discovered the vulnerability when releasing his exploit.
Google is expected to release Chrome 90 to the Stable channel soon and we'll have to wait to see if the upcoming version of its browser includes a fix for this remote code execution vulnerability.
- We've also highlighted the best antivirus
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.