Google Publishes Exploit Code for Unfixed Chromium Vulnerability

Google published proof-of-concept exploit code for a critical, still-unpatched Chromium Browser Fetch API vulnerability that allows malicious Service Workers to spawn never-terminating background fetch tasks, enabling continuous remote JavaScript execution and converting visited browsers into browser-based botnet nodes across Chromium-based browsers; the report details the attack chain, abuse scenarios (DDoS, proxying, traffic redirection, monitoring), affected browsers, and interim mitigations such as restricting Service Workers, disabling background fetch, network monitoring, and browser isolation.