New browser attack lets hackers run bad code even after users leave a web page
zdnet.comIs this actually exploitable with the current set of browsers?
Looking at the documentation of the API [https://developer.mozilla.org/en-US/docs/Web/API/ServiceWork...]
and it says in a yellow note at the top of the docs This feature was mentioned as an idea in the SW explainer at some point, but as yet has not been implemented anywhere.
My guess is that is only an experimental feature currently
It is only experimental, but it has basic support from most browsers which is probably enough for the exploit (the note might be a little outdated or at the least a bit misleading.) Just check the browser compatibility section on the mdn page you linked it lists the browsers that have basic support that feature.