Google published exploit code for an unfixed Chromium bug

llogickkk1 about 16 hours ago 2 commentsRead Article on arstechnica.com

DE version is available. Content is displayed in original English for accuracy.

⚡ Community Insights

Discussion Sentiment

0% Positive

Analyzed from 83 words in the discussion.

Discussion (2 Comments)Read Original on HackerNews

gboone•about 14 hours ago

From the article, a link of details:

https://infosec.exchange/@rebane2001/116606719764376414

brianmcnulty•about 15 hours ago

Based on what I can tell, this bug just allows a persistent service worker to run forever by downloading a large file and not letting it complete? Security impact is pretty limited (but definitely not none).

It can make requests but only with no CORS, which could be useful for accessing some weakly secured HTTP resources behind a corporate VPN or something (in the same way any other site can but over a much longer period). It could also potentially be used for tracking user IP address activity, crypto mining, building a botnet, etc.