… Like many developers, however, Mozilla doesn’t obtain CVE listings for internally discovered security bugs. Instead, they are bundled into a single patch. Normally, Bugzilla reports detailing these “rollups” are hidden for several months after being fixed to protect those who are slow to patch. …
… In the private bug disclosure thread, a developer said that logs indicate that use of the background fetch feature is extremely limited on Chrome, with on average “~17 completed files per user per day.” “That’s pretty solid confirmation that nothing awful is happening at scale,” the developer wrote. …
… X41 D-Sec, the security firm that discovered it, described it as having “critical severity.” X41 D-Sec partnered with fellow security firm Nemesis to create an online scanner that can check if a given server is vulnerable. …