back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
-
@rebane2001 would the service worker process stay around even without the main browser process with edge?
@9pfs no, but the main process stays running even after closing all visible windows
-
@rebane2001 hmm I can't see that bug report, it just promts me to sign in
@4censord works for me on a fresh session, might have to wait for it to load?
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 So much for Edge having “the added trust of Microsoft”.
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001@infosec.exchange Oh no the second I saw the download bit I knew it's gotta be content-disposition
Sneaky -
@4censord works for me on a fresh session, might have to wait for it to load?
@rebane2001 hmm, nothing is loading for me, I've waited around 30s
There is also no loading indicator.
I'm using a similar browser as well, its also Firefox klar
-
@rebane2001 hmm, nothing is loading for me, I've waited around 30s
There is also no loading indicator.
I'm using a similar browser as well, its also Firefox klar@4censord@unfug.social @rebane2001@infosec.exchange Klar is a Germany-specific thing, it might have different rules
-
@4censord@unfug.social @rebane2001@infosec.exchange Klar is a Germany-specific thing, it might have different rules
-
@rebane2001 @natty they are very similar afaik, mostly branding because Germany has another established thing called "focus"
But I'll retry in fennec in a sec
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 Is this what they call a 1259 day?
-
@rebane2001 Is this what they call a 1259 day?
@henry_null @rebane2001 Cue Microsoft issuing a press release accusing Rebane of "violating coordinated vulnerability best practices." They've barely had time to react, after all...
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 the bot ghost is providing emotional support here
Uh oh! This issue still open and hasn't been updated in the last 262 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?
-
M mttaggart@infosec.exchange shared this topic
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 I've got a dumb question: Is this something that can be mitigated with a uBlock filter? It reads like it could be but I don't know this stuff well.
-
@rebane2001 I've got a dumb question: Is this something that can be mitigated with a uBlock filter? It reads like it could be but I don't know this stuff well.
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 uh oh
Why did it take them 4 years to (not) fix this?
I really should go ahead and disable js everywhere -
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 well that's not good...
-
@henry_null @rebane2001 Cue Microsoft issuing a press release accusing Rebane of "violating coordinated vulnerability best practices." They've barely had time to react, after all...
@EdCates @rebane2001 I mean its them who made it public first I guess
https://issues.chromium.org/issues/40062121#comment56 -
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
-
@rebane2001
oooof, thats not good
3,5 years...sent from my firefox
i second this, sent from my epiphany
-
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
@rebane2001 peak google efficiency
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 Clearly, @mozilla's choices around not implementing certain APIs is paying off.
️
