Your browser could already be part of a botnet thanks to this dangerous Chrome flaw

• A recently disclosed Chromium vulnerability could allow malicious websites to silently hijack browsers like Chrome and Edge without downloads, pop-ups, or user interaction.
• The exploit abuses Browser Fetch, a feature meant for background downloads to keep persistent connections alive, potentially turning browsers into lightweight botnets for proxying traffic or DDoS attacks.
• Security researcher Lyra Rebane reported the flaw to Google in 2022, but the issue reportedly remains unpatched nearly 29 months later despite being internally classified as a serious S1 vulnerability.

If you use Google Chrome, Microsoft Edge, or almost any browser built on Chromium, a newly revealed security flaw could put you at risk without you ever realizing it. There’s no malicious app to install, suspicious pop-up to click, or permissions to approve. In some cases, just opening a website could be enough to trigger it.

After reading a report (via Ars Technica), we learned that the issue was discovered by independent security researcher Lyra Rebane, who privately reported it to Google back in late 2022. Nearly two and a half years later, the vulnerability is reportedly still unpatched — and now proof-of-concept exploit code is publicly available.