CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Brash Exploit Crashes Chromium-Based Browsers via Document Title API

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A vulnerability in Chromium's Blink rendering engine, dubbed Brash, can crash Chromium-based browsers within 15-60 seconds by exploiting the document.title API. The flaw allows for rapid DOM mutations, leading to browser crashes and system performance degradation. The attack can be timed to execute at specific moments, functioning like a logic bomb. Affected browsers include Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas, and Perplexity Comet. Mozilla Firefox and Apple Safari are not affected. The exploit involves three phases: hash generation, burst injection, and UI thread saturation. The attack can be triggered by a single malicious URL, causing the browser to become unresponsive and require forced termination.

Timeline

  1. 30.10.2025 16:45 1 articles · 11d ago

    Brash Exploit Disclosed in Chromium-Based Browsers

    A vulnerability in Chromium's Blink rendering engine, dubbed Brash, can crash Chromium-based browsers within 15-60 seconds by exploiting the document.title API. The flaw allows for rapid DOM mutations, leading to browser crashes and system performance degradation. The attack can be timed to execute at specific moments, functioning like a logic bomb. Affected browsers include Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas, and Perplexity Comet. Mozilla Firefox and Apple Safari are not affected.

    Show sources
    Open in new tab

Information Snippets