May 25, 2026, 9:14 am
Google accidentally published exploit code for an unpatched security vulnerability in Chromium. This could affect millions of users, as the browser engine powers not only Google Chrome but also Microsoft Edge and many other programs.
The vulnerability became public even though it apparently remains unpatched. What makes this particularly problematic is that attackers can seemingly exploit the flaw relatively inconspicuously.
Browser Function Exploited for Attacks
According to the online magazine “Ars Technica,” the security flaw is in the so-called browser fetch interface. This function is intended to load large files like videos in the background.
However, attackers can reportedly establish persistent connections through the vulnerability. This could allow them to monitor users’ browsing habits or use the browser as an anonymous proxy. Distributed denial-of-service attacks could also be executed. Depending on the browser, these connections might even persist after restarting the program or device, making the flaw particularly critical.
Attack Largely Goes Unnoticed
According to the description, merely visiting a manipulated website is enough to compromise a browser. Users are unlikely to notice anything; Microsoft Edge does not even display a warning. A limited backdoor is created on the affected device, which can then become part of a small botnet.
While the possibilities are limited to browser functions, attackers could still use them to access malicious websites, redirect data traffic, or initiate DDoS attacks.
All Major Operating Systems Affected
The vulnerability apparently works regardless of the operating system used. This means not only Windows computers are affected, but also Macs and Linux PCs. Additionally, the flaw could be used in conjunction with other malware, making more severe attacks conceivable.
The vulnerability was discovered by security researcher Lyra Rebane. She informed Google about it at the end of 2022. Later, Rebane also noticed that Google had made the corresponding entry, including the exploit code, public. Internally, developers apparently classified the issue as serious. The priority was indicated as P1, and the severity as S2.
Nevertheless, the security flaw remains unpatched. After Google published the bug tracker entry, Rebane initially assumed a solution already existed. Shortly thereafter, it became clear that the vulnerability was still open.
Alternative Browsers Could Help
Google has since removed the post, but the entry, including the exploit code, remains accessible through archive sites. Users should therefore be particularly vigilant and keep their antivirus software up to date. Additionally, it might help to temporarily use a browser that is not based on Chromium. Examples include Mozilla Firefox, Apple’s Safari, or Tor.
It remains to be seen how quickly Google will provide a solution for the security flaw and when other Chromium browsers will adopt the corresponding updates.