Google published exploit code for an unfixed Chromium bug
logickkk1
28 points
2 comments
May 20, 2026
Related Discussions
Found 5 related stories in 94.3ms across 8,303 title embeddings via pgvector HNSW
- Chromium publishes fixed exploit 4 years later, turns out it's unfixed birdculture · 20 pts · May 21, 2026 · 74% similar
- Claude Opus wrote a Chrome exploit for $2,283 Mohansrk · 18 pts · April 18, 2026 · 64% similar
- A 0-click exploit chain for the Pixel 10 happyhardcore · 353 pts · May 15, 2026 · 58% similar
- Google says criminal hackers used AI to find a major software flaw donohoe · 151 pts · May 11, 2026 · 57% similar
- 'Dirty Frag' exploit leaks out, gives root on most Linux machines lschueller · 15 pts · May 08, 2026 · 56% similar
Discussion Highlights (2 comments)
brianmcnulty
Based on what I can tell, this bug just allows a persistent service worker to run forever by downloading a large file and not letting it complete? Security impact is pretty limited (but definitely not none). It can make requests but only with no CORS, which could be useful for accessing some weakly secured HTTP resources behind a corporate VPN or something (in the same way any other site can but over a much longer period). It could also potentially be used for tracking user IP address activity, crypto mining, building a botnet, etc.
gboone
From the article, a link of details: https://infosec.exchange/@rebane2001/116606719764376414