Google Release a leak code threatening millions of Chromium users

Google Wednesday, the user code was released for the unrecovered loophole in the Chromium browser code library, which threatens millions of users of Chrome,Microsoft Edge and almost all other browser users based on Chromium.

The concept validation code uses a browser to access the programming interface, which allows long videos and other large files to be downloaded from backstage. The breach could be used by the attackers to create a connection to monitor certain aspects of the user browser and act as a proxy for viewing the website and launching a denial-of-service attack. Depending on the browser, the connection will reopen or remain open, even after the browser or the device that runs the browser has been restarted.

42 months unrecovered (and continuing)

Any website accessed by users could take advantage of unrecovered loopholes. In fact, compromise amounts to a limited back door, making the equipment part of a limited zombie network. These functions are limited to the same operations that browsers can perform, such as accessing malicious sites, providing anonymous proxy browsing for others, enabling agent DDoS attacks and monitoring user activities. Nevertheless, that loophole may allow the attackers to connect thousands or even millions of devices to the network. Once there is a separate loophole, the attackers can use it to harm all of these devices.

"The dangerous part here is that you can put a lot of different browsers together, and in the future you can run something on what you know, and find that loophole and find it in private by the end of 2022. Go.An independent researcher interviewed by ogle Lyra Rebane said: She stated that the use of Google's early leak code would be “very easy”, although more work would be needed to expand it to integrate a large number of equipment into a network. In Rebane's disclosure to Google, two developers stated in a separate response that this was a “serious loophole”. P1, the second highest classification. The severity was rated S2, third highest.

Since the 46-month-old report, this loophole has remained unknown, with the exception of Chromium developers. And then on Wednesday morning, it was published on the Chromium bug tracker. Rebane initially believed that the loophole had eventually been repaired. Shortly thereafter, she learned that, in fact, it had not been repaired. Although Google deleted the article, it and the breach code were still available on the archive website.