New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.

Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash .

"It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a technical breakdown of the shortcoming.

At its core, Brash stems from the lack of rate limiting on " document.title " API updates, which, in turn, allows for bombarding millions of [document object model] mutations per second, causing the web browser to crash, as well as degrade system performance as a result of devoting CPU resources to this process.

The attack plays out in three steps -

H