TL;DRA recently disclosed Chromium vulnerability could allow malicious websites to silently hijack browsers like Chrome and Edge without downloads, pop-ups, or user interaction.The exploit abuses Browser Fetch, a feature meant for background downloads to keep persistent connections alive, potentially turning browsers into lightweight botnets for proxying traffic or DDoS attacks.Security researcher Lyra Rebane reported the flaw to Google in 2022, but the issue reportedly remains unpatched nearly 29 months later despite being internally classified as a serious S1 vulnerability.If you use Google Chrome, Microsoft Edge, or almost any browser built on Chromium, a newly revealed security flaw could put you at risk without you ever realizing it. There’s no malicious app to install, suspicious pop-up to click, or permissions to approve. In some cases, just opening a website could be enough to trigger it.After reading a report (via Ars Technica), we learned that the issue was discovered by independent security researcher Lyra Rebane, who privately reported it to Google back in late 2022. Nearly two and a half years later, the vulnerability is reportedly still unpatched — and now proof-of-concept exploit code is publicly available.