New Brash Exploit Crashes Chromium Browsers

A vulnerability in Chromium's Blink engine, identified by security expert Jose Pino and dubbed "Brash," can rapidly crash browsers based on Chromium, such as Google Chrome, Microsoft Edge, Brave, and others. The flaw arises from the absence of a limit on how frequently a website's title can be altered, allowing attackers to execute millions of changes per second. This overwhelms the browser, leading to a crash and slowing down the computer. The attack unfolds in three stages and can be precisely timed, enabling attackers to activate it at a specific moment, making it akin to a time bomb. This capability allows the attack to remain undetected until triggered, potentially by clicking a specially crafted link. Notably, Mozilla Firefox, Apple Safari, and iOS browsers are unaffected as they use WebKit. The Hacker News has reached out to Google for comments and potential remediation plans.

Stay secure — stay Wavasec. 🔐