Unbiased AI-powered news
Google published proof-of-concept code for a vulnerability in its Chromium browser that affects Chrome, Edge, and other Chromium-based browsers. The flaw, reported 29 months earlier, allows attackers to monitor browser activity and create persistent connections.
Substrate placeholder — needs reviewGoogle on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase. The code targets the Browser Fetch programming interface, which allows long videos and other large files to be downloaded in the background. An attacker can use the exploit to monitor aspects of a user's browser usage and to act as a proxy for viewing sites and launching denial-of-service attacks.
Depending on the browser, the connections either reopen or remain open even after the browser or device has rebooted.
The unfixed vulnerability can be exploited by any website a user visits. A compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to actions a browser can perform, such as visiting malicious sites, providing anonymous proxy browsing, enabling proxied denial-of-service attacks, and monitoring user activity.
Lyra Rebane, the independent researcher who discovered the vulnerability and privately reported it to Google in late 2022, said the exploit code Google published would be "pretty easy" to use. He added that scaling it to control large numbers of devices would require more work.
Its severity was rated S1, the second-highest classification. The vulnerability remained unknown except to Chromium developers until it was published to the Chromium bug tracker on Wednesday morning. Rebane initially assumed the vulnerability was finally fixed.
Shortly thereafter, he learned that it remained unpatched. Google removed the post, but it remains available on archival sites along with the exploit code. Google representatives did not immediately respond to an email asking how and why the vulnerability and exploit code were published and if or when a fix would become available.
Rebane confirmed that Brave, Opera, Vivaldi, and Arc are also vulnerable. Both Firefox and Safari are unaffected because they do not support the browser-fetching feature. Users of Chromium browsers should be suspicious of download dropdowns that appear for no reason.
Single source — no framing comparison available.
theregister.comA bug in Amazon Web Services billing software displayed incorrect estimates ranging from millions to trillions of dollars for some customers. Amazon said the estimates do not reflect actual usage and that it is rolling back the change.
ZeroHedgeMeta is in talks to rent computing power from its AI data centers to Anthropic in a potential arrangement worth up to $10 billion over two years. Anthropic proposed the deal in June 2026.
Al JazeeraChinese President Xi Jinping urged international cooperation on artificial intelligence and warned against any single country dominating the field during a keynote address at the World Artificial Intelligence Conference in Shanghai. He also announced plans to work with partners i…