Google Posts Proof-of-Concept for Unpatched Chromium Flaw
The exposed code creates persistent background browser connections that can proxy traffic, monitor users, and enable large-scale abuse.
Overview
- Google briefly published proof-of-concept exploit code to the Chromium issue tracker on Wednesday and then removed the post, but archival copies of the code remain available.
- Independent researcher Lyra Rebane reported the flaw to Google in late 2022, and the bug stayed unpatched for 29 months before the recent public exposure.
- The exploit abuses the Browser Fetch interface and a persistent JavaScript worker to keep connections alive in the background even after a browser is closed or the device reboots in some builds.
- Chromium developers rated the problem S1, the second-highest severity, and the flaw affects Chrome, Microsoft Edge and most other Chromium-based browsers, putting millions of users at risk.
- Users and IT teams should watch vendor advisories for emergency patches and, until vendors release fixes, consider tightening browser settings and blocking suspicious background fetches at the network level.