image credit: Pixabay

Google Patches Yet Another Serious V8 Vulnerability in Chrome

April 28, 2021

The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab.

The researcher earned $15,000 for reporting the vulnerability, which Google described as “insufficient data validation in V8.”

Liu told SecurityWeek that the flaw can be exploited for remote code execution in the targeted user’s browser, but noted that, similar to other recently disclosed V8 vulnerabilities, it does not escape the Chrome sandbox — a sandbox escape bug is needed to exploit CVE-2021-21227 in real world attacks.

Read More on Security Week