Mountain View — Chromium flaw: 29 months unpatched, exploit now public. Any website can silently recruit a Chromium browser into a botnet via its background-fetch interface; the service worker survive
Ars Technica