Google has published exploit code for a critical vulnerability in its Chromium codebase that affects millions of users across various browsers, including Chrome and Microsoft Edge. The proof-of-concept exploits the Browser Fetch API, enabling attackers to monitor browser activity and potentially launch denial-of-service attacks. This vulnerability, reported 29 months ago, has not been fixed despite its severity being rated S1, the second-highest classification.
The exploit can be used by any website a user visits, effectively creating a limited backdoor for attackers. The vulnerability remains unaddressed. It primarily affects Chromium-based browsers, including Brave and Opera, while Firefox and Safari are unaffected. Users are advised to be cautious of unexplained download prompts.