Google inadvertently published a proof-of-concept exploit for a 29-month-old vulnerability in the Chromium engine, leaving millions of users exposed to potential attacks. The flaw resides in the Browser Fetch interface, a feature designed for large background downloads, which can be weaponized to monitor user activity, act as a proxy for web traffic, or launch distributed denial-of-service (DoS) attacks. While Google eventually removed the bug tracker post, the exploit code remains accessible via web archives.
The vulnerability was originally discovered by independent researcher Lyra Rebane in late 2022. Because the flaw affects the underlying engine, it impacts a wide range of popular browsers including:
- Microsoft Edge
- Brave
- Opera
- Vivaldi and Arc
Users are advised to remain vigilant and avoid interacting with unexpected download prompts. Notably, Firefox and Safari users are safe from this specific threat as neither browser supports the vulnerable Browser Fetch feature.
