Rebane1d ago

back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member

in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser

today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

Show threadRebane1d ago
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS 💀💀
Show threadRebane1d ago

even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!

all from just visiting a single website once !!

Show threadRebane1d ago
issue set to private again, hopefully it'll get fixed properly this time :p
Show threadAlesandro Ortiz 🇵🇷🏳️‍🌈
@rebane2001 Nice find! I should have woken up earlier to see the details. 😅
May 20 at 3:34pmWeb