Google accidentally exposed details of an unfixed Chromium flaw that can keep JavaScript running after the browser is closed, enabling remote code execution on affected devices. The issue, reported by researcher Lyra Rebane, impacts Chromium-based browsers like Google Chrome and Microsoft Edge and could be used to build a silent botnet from a single malicious website visit. #Chromium #GoogleChrome #MicrosoftEdge #LyraRebane
Keypoints
- Google leaked details of an unfixed Chromium vulnerability.
- The flaw can keep JavaScript running after the browser is closed.
- An attacker could use a malicious webpage with a Service Worker to trigger remote code execution.
- Chromium-based browsers including Chrome, Edge, Brave, Opera, Vivaldi, and Arc are affected.
- The bug could support botnets, DDoS attacks, and traffic proxying without user awareness.