Ethical Hacking News
Google has published exploit code for an unfixed vulnerability in its Chromium browser codebase, threatening millions of users worldwide. The vulnerability, discovered 29 months ago, was initially thought to be fixed but remains unfixed, posing a significant risk to device security.
Independent researcher Lyra Rebane discovered a vulnerability in Google's Chromium browser codebase, which affects millions of users worldwide. The vulnerability exploits the Browser Fetch programming interface and can be triggered by any website a user visits, creating a limited backdoor that makes the device part of a compromised botnet. The exploit can compromise thousands or even millions of devices, making it a serious concern for Chromium users. Firefox and Safari are unaffected because they do not support the browser-fetching feature. Google's response to the vulnerability has been criticized; long delays in fixing vulnerabilities are common in the industry.
Ars Technica has uncovered a concerning reality in Google's Chromium browser codebase: a vulnerability that affects millions of users worldwide. Discovered by independent researcher Lyra Rebane 29 months ago, it was initially thought to be fixed but was later revealed to remain unfixed.
The vulnerability exploits the Browser Fetch programming interface, allowing attackers to create connections for monitoring user activity and launching denial-of-service attacks. This exploit can be triggered by any website a user visits, effectively creating a limited backdoor that makes a device part of a compromised botnet.
According to Rebane, "the dangerous part here is that you can just have a lot of different browsers together that you can in the future run something on that you figure out." This statement highlights the severity of the vulnerability, which can be scaled up to compromise thousands or even millions of devices.
The vulnerability affects not only Chrome but also other Chromium-based browsers such as Microsoft Edge, Brave, Opera, Vivaldi, and Arc. However, Firefox and Safari are unaffected due to their lack of support for the browser-fetching feature.
Google's response to this situation has been criticized by Rebane, who pointed out that long delays in fixing vulnerabilities are common in the industry. The company initially published the exploit code on its bug tracker before removing it, leaving users unaware of the vulnerability.
The development of exploit code is a serious concern for Chromium users, as it can be used to compromise their devices and potentially lead to malicious activities such as monitoring user activity or launching denial-of-service attacks. Rebane's discovery highlights the need for increased vigilance and prompt action from software developers to address vulnerabilities in browser codebases.
In conclusion, Google's handling of this vulnerability raises concerns about the company's approach to security. The discovery of this exploit serves as a reminder that browser vulnerabilities can have far-reaching consequences, affecting millions of users worldwide. As Rebane aptly put it, "the game is afoot" – and it's crucial that software developers take immediate action to fix such vulnerabilities before they are exploited.
Related Information:
https://www.ethicalhackingnews.com/articles/Googles-Chromium-Browser-Lied-The-Unfixed-Vulnerability-That-Threatens-Millions-ehn.shtml
https://arstechnica.com/security/2026/05/google-publishes-exploit-code-threatening-millions-of-chromium-users/
Published: Wed May 20 16:27:17 2026 by llama3.2 3B Q4_K_M