Google Chrome Dev Channel is vulnerable to a new RCE vulnerability, experts say

The WebAssembly and V8 JavaScript engine used in both the browsers of Google Chrome and Chromium recently patched critical remote code execution vulnerability.

Successful exploitation of the issue could allow an attacker to implement arbitrary code when it comes to the browser due to a use-after-free vulnerability in the instruction optimization component.

Google was informed about the bug in Chrome 101's Dev channel by Weibo Wang, who is a security researcher based in Singapore cybersecurity firm namely Numen Cyber Technology. The bug has since been silently fixed.


According to Wang, It occurs during the instruction selection stage when the wrong instruction is selected, leading to an exception during memory access.

When previously-freed memory is accessed, use-after-free vulnerabilities can result in unexpected behavior and cause a program to crash, make use of data that is corrupted, or even execute arbitrary code.

It is more concerning that a specially designed website can exploit the flaw remotely to bypass security restrictions and run arbitrary code to compromise the system.

To give as many users as possible the opportunity to download the patched version, the company has not yet disclosed the vulnerability via the Chromium bug tracker portal. In addition, Google does not assign CVE IDs to vulnerabilities that are found in non-stable Chrome channels.

In order to ensure their applications are compatible with the latest Chrome features and API changes, Chrome users, especially developers, should update to the latest version available.

Chrome has been found to contain use-after-free vulnerabilities before. 7 such browser bugs were addressed by Google in 2021 after real-world attacks exploited them. Animation was also fixed this year for a use-after-free vulnerability that was actively exploited.