
New browser attack lets hackers run bad code even after users leave a web page - egb
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/
======
ninju
Is this actually exploitable with the current set of browsers?

Looking at the documentation of the API [[https://developer.mozilla.org/en-
US/docs/Web/API/ServiceWork...](https://developer.mozilla.org/en-
US/docs/Web/API/ServiceWorkerRegistration/periodicSync)]

and it says in a yellow note at the top of the docs This feature was mentioned
as an idea in the SW explainer at some point, but as yet has not been
implemented anywhere.

My guess is that is only an experimental feature currently

~~~
johnsonjo
It is only experimental, but it has basic support from most browsers which is
probably enough for the exploit (the note might be a little outdated or at the
least a bit misleading.) Just check the browser compatibility section on the
mdn page you linked it lists the browsers that have basic support that
feature.

