back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 Hold a really cool presentation about it? There's a conference in Stockholm (SE) in September who pays their speakers, CFP is open: https://event.sec-t.org/sec-t-2026/cfp
-
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
@rebane2001
oooof, thats not good
3,5 years...sent from my firefox
-
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
@rebane2001@infosec.exchange oops, happy
0day4year to those who celebrate -
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
@rebane2001@infosec.exchange oh β
β -
OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
-
@atjn i haven't tried lmao, i hope not
@atjn oh no..
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 would the service worker process stay around even without the main browser process with edge?
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 I guess it's a good thing I asked
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 hmm I can't see that bug report, it just promts me to sign in
-
@rebane2001 would the service worker process stay around even without the main browser process with edge?
@9pfs no, but the main process stays running even after closing all visible windows
-
@rebane2001 hmm I can't see that bug report, it just promts me to sign in
@4censord works for me on a fresh session, might have to wait for it to load?
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 So much for Edge having βthe added trust of Microsoftβ.
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001@infosec.exchange Oh no the second I saw the download bit I knew it's gotta be content-disposition
Sneaky -
@4censord works for me on a fresh session, might have to wait for it to load?
@rebane2001 hmm, nothing is loading for me, I've waited around 30s
There is also no loading indicator.
I'm using a similar browser as well, its also Firefox klar
-
@rebane2001 hmm, nothing is loading for me, I've waited around 30s
There is also no loading indicator.
I'm using a similar browser as well, its also Firefox klar@4censord@unfug.social @rebane2001@infosec.exchange Klar is a Germany-specific thing, it might have different rules
-
@4censord@unfug.social @rebane2001@infosec.exchange Klar is a Germany-specific thing, it might have different rules
-
@rebane2001 @natty they are very similar afaik, mostly branding because Germany has another established thing called "focus"
But I'll retry in fennec in a sec
-
even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
all from just visiting a single website once !!
@rebane2001 Is this what they call a 1259 day?
-
@rebane2001 Is this what they call a 1259 day?
@henry_null @rebane2001 Cue Microsoft issuing a press release accusing Rebane of "violating coordinated vulnerability best practices." They've barely had time to react, after all...
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121@rebane2001 the bot ghost is providing emotional support here
Uh oh! This issue still open and hasn't been updated in the last 262 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?
-
M mttaggart@infosec.exchange shared this topic
