A critical vulnerability in the Chromium browser engine, which powers popular browsers like Google Chrome and Microsoft Edge, has been exposed, allowing attackers to execute malicious JavaScript code even after a browser restart. This flaw, initially reported by researcher Lyra Rebane over three years ago, enables hackers to hijack browsers for large-scale attacks, such as distributed denial-of-service assaults or cryptocurrency mining operations1. The vulnerability's details were recently made public, although the bug report was subsequently closed. The fact that this issue remains unpatched poses significant risks to users, as it can transform their browsers into bots under the control of malicious actors. This oversight matters to security practitioners because it underscores the importance of closely monitoring the security of widely-used browser engines and assessing the potential impact on their own environments.
Google leaks details for Chromium bug that can turn browsers into bots
⚡ High Priority
Why This Matters
Security developments involving Microsoft add to the evolving threat landscape — assess relevance to your environment.
References
- CSO Online. (2026, May 23). Google leaks details for Chromium bug that can turn browsers into bots. CSO Online. https://www.csoonline.com/article/4176504/google-leaks-details-for-chromium-bug-that-can-turn-browsers-into-bots.html
Original Source
CSO Online
Read original →