Based on what I can tell, this bug just allows a persistent service worker to run forever by downloading a large file and not letting it complete? Security impact is pretty limited (but definitely not none).
It can make requests but only with no CORS, which could be useful for accessing some weakly secured HTTP resources behind a corporate VPN or something (in the same way any other site can but over a much longer period). It could also potentially be used for tracking user IP address activity, crypto mining, building a botnet, etc.
According to the original reporter, the bug is still exploitable and that's why the issue on the bug tracker got hidden again.
> OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
> even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
> all from just visiting a single website once !!
> issue set to private again, hopefully it'll get fixed properly this time :p
From the article, a link to the details:
https://infosec.exchange/@rebane2001/116606719764376414