Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript across browser restarts.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

An unpatched vulnerability in Chromium, reported over three years ago, allows attackers to execute JavaScript persistently across browser restarts by abusing the Service Worker feature and Background Fetch API. The flaw enables a persistent service worker by rapidly creating and aborting background fetches every 20 seconds, bypassing the service worker's normal lifespan limits. Exploitation can lead to persistent user tracking, crypto mining, side-channel attacks, and DDoS abuse by hijacking thousands of browsers. The bug report was briefly made public before being closed again, but technical details were archived and remain accessible online. While some UI-level fixes were applied in early 2023, the core issue reportedly remains unresolved as it requires a specification-level change to introduce a hard time limit for service worker termination.

Google leaks details for Chromium bug that can turn browsers into bots