Google is facing criticism after exploit code for an unfixed Chromium vulnerability was made public, potentially affecting users of Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and other Chromium-based browsers.
According to Ars Technica, the proof-of-concept code targets the Browser Fetch programming interface, a feature designed to let browsers download large files, such as long videos, in the background. Security reports say the issue could let JavaScript keep running across browser restarts, creating a path for abuse such as browser hijacking, botnet-style traffic, DDoS activity, or crypto-mining. Ars Technica CSO Online
Unfixed for 42 months (and counting)
The bug was reportedly first disclosed years ago, but parts of the issue appear to have remained unresolved. The concern now is not only the vulnerability itself, but the fact that working exploit details were exposed before a full fix had reached users.
This is another reminder that Chromium is not just Chrome. A flaw in the shared browser codebase can ripple across much of the modern web like a virus itself, including browsers many users view as separate products.
As the CEO and founder of Pubcon and WebmasterWorld., Brett Tabke has been instrumental in shaping the landscape of online marketing and search engine optimization. His journey in the computer industry has spanned over three decades and has made him a pioneering force behind digital evolution. Full Bio
Visit Pubcon.com