Google publishes exploit code threatening millions of Chromium users
Google has published exploit code for a vulnerability in its Chromium browser that has remained unfixed for 29 months. This vulnerability poses a threat to millions of users across various Chromium-based browsers, allowing attackers to monitor user activity and potentially launch denial-of-service attacks. Despite the severity of the issue, Google has not yet provided a patch or clear timeline for a fix.
- ▪The exploit targets the Browser Fetch programming interface, allowing attackers to monitor browser usage.
- ▪The vulnerability has been known for 29 months but remains unpatched, posing risks to millions of users.
- ▪Google's premature publication of the exploit code has raised concerns about the security of Chromium-based browsers.
Opening excerpt (first ~120 words) tap to expand
BOTCHED DISCLOSURE Google publishes exploit code threatening millions of Chromium users Google publishes exploit code before patch, reported 29 months earlier, is fixed. Dan Goodin – May 20, 2026 3:10 pm | 12 Credit: Chromium Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ars Technica.