
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug

ID: df3a4530-3887-588a-a26a-bb32aa5f6136

STIX ID: report--df3a4530-3887-588a-a26a-bb32aa5f6136

Feed Name: GBHackers

Threat Score: 75/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: Divya


Google published proof-of-concept exploit code for a high-risk, unpatched Chromium Browser Fetch API flaw first reported in 2022. The vulnerability allows attackers to register Service Workers that initiate indefinite background fetches, enabling persistent communication with attacker-controlled C2 servers and effectively turning infected Chromium-based browsers (Chrome, Edge, Brave, Opera) into lightweight botnet nodes. The issue is tracked internally as Priority 1/Severity 2. It can require no user interaction beyond visiting a malicious site, may persist across restarts in some implementations, and has broad impact potential given the scale of Chromium users. Until a patch is available, the report urges disabling Service Worker/background fetch features via policy, monitoring outbound browser traffic, and using isolation.
