Security News

Cybersecurity news aggregator

Severity: HIGH | Category: Vulnerabilities | Source: Ars Technica Security

Google publishes exploit code threatening millions of Chromium users

An unfixed vulnerability in the Chromium Browser Fetch API allows any visited website to establish persistent connections, enabling attackers to monitor user activity, use the browser as a proxy, or launch denial-of-service attacks, effectively creating a limited botnet. The proof-of-concept exploit code has been publicly released by Google, and the vulnerability has remained unpatched for over 29 months. The article does not provide specific version ranges, a CVSS score, a fixed version, or a recommended workaround.

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background. An attacker can use the exploit to create a connection for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks. Depending on the browser, the connections either reopen or remain open even after the browser or the device running it has rebooted.

Unfixed for 29 months (and counting)

The unfixed vulnerability can be exploited by any website a user visits. In effect, a compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to the same things a browser can do, such as visiting malicious sites, providing anonymous proxy browsing for others, enabling proxied DDoS attacks, and monitoring user activity. Nonetheless, the exploit could allow an attacker to wrangle thousands, possibly millions, of devices into a network. Once a separate vulnerability becomes available, the attacker could use it to compromise all of those devices.
