TEMPO.CO, Jakarta - Users of Google Chrome are not entirely immune to cyber threats from sites that appear on their search pages. Independent cybersecurity researcher, Lyra Rebane, has uncovered a vulnerability in the Chrome service, which has been detected since late 2022.
According to a report by Android Authority on Thursday, May 21, 2026, Lyra Rebane has reported this vulnerability to Google, but there has been no effective measure taken to counter this potential threat. As a result, exploitative code to breach a number of users is publicly available.
Rebane's analysis indicates that the core of the issue lies in Browser Fetch, a web standard designed for convenience. This feature allows the browser to continue downloading large files or videos in the background, even if the user closes the tab.
Rebane's findings identify that hackers can abuse the same system to create long-lasting background connections between the user's browser and a remote server. Meaning, malicious websites can covertly turn a user's browser into part of someone else's cyberattack infrastructure.
Even more dangerously, this browser can be used as an anonymous proxy to reroute malicious traffic and participate in distributed denial-of-service (DDoS) attacks. "Imagine opening what looks like a completely normal website, [but] behind the scenes, that site could establish a persistent connection that keeps running long after you leave the page," the report stated.
Despite the existence of this vulnerability, Rebane notes that it's quite difficult to determine whether a user has genuinely fallen victim to a cyber attack. Most people might dismiss it as a browser annoyance and continue with their activities. Furthermore, there have been no confirmed fixes at present, and Google has not clarified when the fix will be released.
Read: Google Confirms Gemini AI to Power Apple's New Siri in 2026
Click here to get the latest news updates from Tempo on Google News
