A threat actor has surfaced, claiming to be selling a 0day Sandbox Escape Remote Code Execution (RCE) vulnerability in the Chrome browser. The exploit is said to work on versions 126.0.6478.126 and 126.0.6478.127 of the Chrome browser.
According to the threat actor, the vulnerability has been tested and confirmed to function on Windows operating systems, specifically versions 21H1 and 21H2. The asking price for this exploit is $1,000,000, payable in Monero (XMR) or Bitcoin (BTC).
The threat actor has indicated that transactions will be conducted with a middleman or guarantor to ensure security for both parties. This exploit poses a significant threat given its capability to bypass the browser’s sandboxing mechanisms, potentially allowing attackers to execute arbitrary code on affected systems.