back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

@rebane2001 Clearly, @mozilla's choices around not implementing certain APIs are paying off.
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser!!
all from just visiting a single website once!!

@rebane2001 BeEF module ftw!

-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser!!
all from just visiting a single website once!!

issue set to private again, hopefully it'll get fixed properly this time

-
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS


@rebane2001 Oops.
-
issue set to private again, hopefully it'll get fixed properly this time

@rebane2001 Nice find! I should have woken up earlier to see the details.

-
issue set to private again, hopefully it'll get fixed properly this time

@rebane2001 fucking embarrassing
-
issue set to private again, hopefully it'll get fixed properly this time

@rebane2001 Well, too late, it has already been archived :x
-
@rebane2001 Well, too late, it has already been archived :x

@SamantazFox out of curiosity, where? the archive.org captures don't load for me
edit: ty

-
@SamantazFox out of curiosity, where? the archive.org captures don't load for me
edit: ty

@rebane2001 @SamantazFox It's on archive.today/.is/.ph. Only go there with a content blocker; you're DDoSing a small blog otherwise: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

@rebane2001 I hate it; but damn, that's clever.
-
issue set to private again, hopefully it'll get fixed properly this time

@rebane2001 really cool work. Didn't realize this sort of bug class even existed. Hope they up the bounty; this seems worth more than $1000
-
@Strabisme @cR0w yes, provided you disable js or service workers on the page