Google publishes exploit code threatening millions of Chromium users
Summary
Google shared exploit code for a security weakness in Chromium, the software behind Chrome and other browsers, that is still not fixed after more than two years. This flaw lets attackers create hidden connections in users' browsers to spy on activity, use devices as proxies, or carry out attacks that overload targeted websites.
Key Facts
- The vulnerability affects Chrome, Microsoft Edge, and almost all browsers based on Chromium.
- The flaw involves the Browser Fetch API, which helps download large files like long videos in the background.
- Hackers can use this bug to monitor browsing activity and direct attacks through infected browsers.
- These connections may stay active even after restarting the browser or device.
- The security problem was discovered in late 2022 but has not been fixed for 29 months.
- Google accidentally published the exploit code publicly before patching the issue.
- The vulnerability was rated with a high severity level (S1).
- Experts say this weakness could be used to control thousands or millions of devices in a network for attacks.
This is a fact-based summary from The Actual News.