A video of the way in which the bug can be exploited was released on YouTube.
The demonstration shows how the vulnerability can be used to open applications on Windows desktops, with the example in question being the Notepad application.
The code for the exploit has been uploaded to the Microsoft-owned code repository, GitHub.
another chrome 0dayhttps://t.co/QJy24ARKlU— frust (@frust93717815) April 14, 2021
Just here to drop a chrome 0day. Yes you read that right.
Satnam Narang, staff research engineer with security shop Tenable, told iTWire that the Agarwal's vulnerability appeared to be the same one that was disclosed during the Pwn2Own contest held earlier this month.
According to the results of the contest, the bug was used by Bruno Keith and Niklas Baumstark of Dataflow Security to target Chrome and Edge in the Web browser category.
Ok ok actually a 1day as it's fixed in the latest v8 version but still works on latest chrome ;)— Rajvardhan Agarwal (@r4j0x00) April 12, 2021
Asked for his take on this bug, Satnam Narang, staff research engineer at security company Tenable, said: "What makes both of these publicly disclosed vulnerabilities similar is that they are of limited value by themselves.
"In this case, it takes two to tango, which means they require a separate vulnerability to break out of the Chrome sandbox. Once again, this latest vulnerability is also mitigated by the fact that it is not paired with a flaw to escape the sandbox.
"Therefore, an attacker cannot compromise the underlying operating system or access confidential information without combining this vulnerability with a second vulnerability to escape the sandbox.
"Zero-days may garner most of the attention, but known yet unpatched vulnerabilities enable most breaches and have become favoured by advanced attackers.
"Yesterday, the National Security Agency released a joint cyber security advisory with the FBI and the Cybersecurity and Infrastructure Security Agency, highlighting a series of known vulnerabilities allegedly used by Russian Foreign Intelligence Services.
"Despite the limited impact from the public disclosure of another Google Chrome vulnerability, we continue to encourage users and organisations alike to ensure they are patching their browsers like Chrome and Edge as soon as possible."