
Google leaks details for Chromium bug that can turn browsers into bots
Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack users’ browsers for distributed denial-of-service attacks, run crypto miners, and more.
The vulnerability was reported over three years ago by independent researcher Lyra Rebane and has remained unfixed, at least in part. The bug report was made public this week but was then closed again after Rebane reported on Mastodon that the flaw is still not properly fixed.
The bug tracker entry that contains the technical de...