Unpatched Chromium Service Worker persistence flaw exposed in tracker
Updated:
· First: 21.05.2026 21:13
· 📰 1 src / 1 articles
A persistent Service Worker flaw in Chromium-based browsers allowed JavaScript execution to continue running in the background after browser closure, enabling remote code execution (RCE) on devices. The vulnerability was reported in December 2022 and remained unpatched despite being marked as fixed in February 2026. Google inadvertently exposed technical details in the Chromium Issue Tracker for 14 weeks, increasing the risk of exploitation. Affected browsers include Chrome, Edge, Brave, Opera, Vivaldi, and Arc.