Chrome Botnet Flaw Could Let Malicious Websites Hijack Browsers in the Background

Browser flaw stayed unresolved for around 29 months



A newly disclosed Chromium flaw could affect Google Chrome, Microsoft Edge, and other Chromium-based browsers. According to security researcher Rebane, the issue can reportedly be triggered just by opening a malicious website.

Users do not need to install software, approve permissions, or click suspicious pop-ups. The attack happens entirely inside the browser itself, making it harder to detect than traditional malware.

Browser Fetch feature reportedly abused

The vulnerability reportedly involves Browser Fetch, a web standard that allows browsers to fetch files in the background.

Security researchers claim attackers can abuse the feature to establish long-lasting background connections between a Chromium browser and a remote server. In some cases, these connections may continue even after users leave the malicious website.

Researchers also claim that some Chromium-based browsers may even preserve the connection after the browser closes or the PC restarts.

Proof-of-concept exploit is now public

The flaw was reportedly discovered by an independent security researcher and privately disclosed to Google in late 2022.

Despite reportedly receiving an S1 severity rating from Google engineers, the issue allegedly remained unresolved for around 29 months. A proof-of-concept exploit has now become publicly available, raising concerns that threat actors could begin experimenting with the technique more widely.

Google has not publicly confirmed when a fix may arrive.

Attackers could abuse browsers as proxy infrastructure

Researchers warn that the flaw could allow malicious websites to quietly use browsers as lightweight proxy nodes for attacker-controlled infrastructure.

The exploit reportedly does not directly steal passwords, files, or emails. However, it may expose limited browsing-related data while helping attackers route traffic through unsuspecting users.

Because everything operates inside the browser itself, traditional antivirus tools may struggle to detect the activity.

Users may barely notice the issue

One of the biggest concerns is how difficult the behavior may be for average users to spot.

On some Chromium browsers, users may briefly see a downloads-related warning or pop-up without an actual file appearing. Most users would likely dismiss the behavior as a temporary browser glitch.

Researchers say there is currently no reliable way for regular users to verify whether their browser was affected.

With no confirmed Chromium patch available yet, the newly disclosed flaw raises fresh concerns about how modern browsers handle long-running background activity.

In other Chrome news, Google is preparing to let AI Mode automatically access open browser tabs, while also removing the Emoji menu shortcut from the address bar. Meanwhile, Microsoft recently patched two actively exploited zero-day vulnerabilities affecting Microsoft Defender components.

Via Ars Technica, Android Authority
