back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
-
issue set to private again, hopefully it'll get fixed properly this time

@rebane2001 fucking embarrassing
-
@rebane2001 Well, too late, it has already been archived :x
-
@SamantazFox out of curiosity, where? the archive.org captures don't load for me
edit: ty

-
@rebane2001 @SamantazFox It's on archive.today/.is/.ph. Only go there with a content blocker, you're DDoSing a small blog otherwise: https://gyrovague.com/2026/02/01/archive-today-is-directing-a-ddos-attack-against-my-blog/
-
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member
in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
today, almost 4 years later, the bug is finally public:
https://issues.chromium.org/issues/40062121

@rebane2001 I hate it; but damn that's clever.
-
@rebane2001 really cool work. Didn't realize this sort of bug class even existed. Hope they up the bounty; this seems worth more than $1000
-
@Strabisme @cR0w yes, provided you disable js or service workers on the page