“While it is concerning that details about a vulnerability in popular web browsers has been publicly disclosed, the cause for concern dissipates when you consider that the vulnerability by itself cannot escape Google’s sandbox. This means that an attacker could not compromise the underlying operating system or access confidential information. It’s sort of like clapping your hands; you can’t truly clap with just one hand, you need both. Similarly, in this instance, an attacker would need to chain this V8 vulnerability with a second vulnerability to escape the sandbox.
“Despite that, we strongly encourage users and organizations alike to ensure they are patching their browsers like Chrome and Edge as soon as possible, as unpatched browsers and systems are ripe targets for cybercriminals and advanced persistent threat groups.”– Satnam Narang, Staff Research Engineer, Tenable