Your browser could already be part of a botnet thanks to this dangerous Chrome flaw

Why This Matters

A critical vulnerability in Chromium-based browsers like Chrome and Edge has been disclosed, which could allow malicious websites to hijack browsers without user interaction, turning them into part of botnets for cyberattacks. Despite being reported over two years ago, the flaw remains unpatched, posing a significant security risk to millions of users. This highlights the urgent need for timely security updates and vigilance in browser security practices.

Key Takeaways

TL;DR: A recently disclosed Chromium vulnerability could allow malicious websites to silently hijack browsers like Chrome and Edge without downloads, pop-ups, or user interaction.

The exploit abuses Browser Fetch, a feature meant for background downloads, to keep persistent connections alive, potentially turning browsers into lightweight botnets for proxying traffic or DDoS attacks.

Security researcher Lyra Rebane reported the flaw to Google in 2022, but the issue reportedly remains unpatched nearly 29 months later despite being internally classified as a serious S1 vulnerability.

If you use Google Chrome, Microsoft Edge, or almost any browser built on Chromium, a newly revealed security flaw could put you at risk without you ever realizing it. There’s no malicious app to install, suspicious pop-up to click, or permissions to approve. In some cases, just opening a website could be enough to trigger it.

After reading a report (via Ars Technica), we learned that the issue was discovered by independent security researcher Lyra Rebane, who privately reported it to Google back in late 2022. Nearly two and a half years later, the vulnerability is reportedly still unpatched — and now proof-of-concept exploit code is publicly available.

At the center of the problem is Browser Fetch, a web standard designed for convenience at any cost. It allows browsers to continue downloading large files or videos in the background, even if you close a tab. But according to Rebane’s findings, attackers can abuse that same system to create long-lasting background connections between your browser and a remote server. This means a malicious website could quietly turn your browser into a tiny piece of someone else’s cyberattack infrastructure.

Imagine opening what looks like a completely normal website — maybe a recipe page, a Reddit link, or a random search result. Behind the scenes, that site could establish a persistent connection that keeps running long after you leave the page. Your browser could then be used as an anonymous proxy, help relay malicious traffic, participate in distributed denial-of-service (DDoS) attacks, or even expose limited details about your browsing activity.