Rebane2d ago

back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member

in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser

today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

Show threadRebane2d ago
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS 💀💀
Show threadRebane2d ago

even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!

all from just visiting a single website once !!

Show threadRebane2d ago
issue set to private again, hopefully it'll get fixed properly this time :p
Show threadViss
@rebane2001 could you test vivaldi? :D
May 20 at 10:25pmWeb
Show threadSean1d ago

@Viss @rebane2001 it's mentioned in an Ars Technica article that Vivaldi is also vulnerable.

>Other browsers Rebans confirmed as vulnerable include Brave, Opera, Vivaldi, and Arc.

Show threadViss1d ago
@seanm @rebane2001 spectacular