FRESH

Hacker News

Google published exploit code for an unfixed Chromium bug

22 points by logickkk1

by gboone

0 subcomment

From the article, a link of details:
https://infosec.exchange/@rebane2001/116606719764376414

by brianmcnulty

0 subcomment

Based on what I can tell, this bug just allows a persistent service worker to run forever by downloading a large file and not letting it complete? Security impact is pretty limited (but definitely not none).
It can make requests but only with no CORS, which could be useful for accessing some weakly secured HTTP resources behind a corporate VPN or something (in the same way any other site can but over a much longer period). It could also potentially be used for tracking user IP address activity, crypto mining, building a botnet, etc.