Browsers were always attractive targets for hackers because of many reasons, such as their popularity and their huge remote attack surface. Thus, Chrome developers invest a lot of efforts in attack mitigations for making those vulnerabilities unexploitable (or, at least, hardly exploitable). In this talk, I will reveal a novel 0-day vulnerability in Chrome I found that provides remote-code-execution (RCE). I will also explain how I bypassed all of the attack mitigation to gain a working exploit.