Google's Accidental Disclosure Highlights Unpatched Chromium Vulnerability

Summary

Google inadvertently exposed details of an unpatched Chromium flaw that allows JavaScript to run in the background even after the browser is closed, potentially enabling remote code execution.

Google has inadvertently disclosed details of an unpatched vulnerability in the Chromium browser engine that allows JavaScript code to continue running in the background even after the browser is closed, potentially enabling remote code execution. The issue, initially reported by security researcher Lyra Rebane in December 2022, was acknowledged by Google but remains unresolved.

The flaw enables attackers to create malicious webpages with persistent Service Workers, allowing JavaScript code to execute on users' devices without their knowledge. Rebane highlighted the risk, stating that attackers could exploit this to create botnets without users being aware of the background execution.

Despite being marked as fixed in February 2026, the vulnerability persists. Rebane discovered that the issue remains exploitable in Chrome Dev 150 and Edge 148, noting that in Edge, the exploit operates silently without user prompts.

The vulnerability affects all Chromium-based browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Arc. Given the widespread use of these browsers, the risk to users is significant. Google is expected to prioritize releasing a patch to address this issue promptly.
