Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Chromium Blink document.title crash security flaw

Vulnerability
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

Brash is a Chromium Blink vulnerability that can crash Google Chrome and other Chromium-based browsers in 15-60 seconds by abusing unthrottled `document.title` updates. The flaw floods the DOM with mutations, which can saturate the browser's main thread and degrade system performance. It affects Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas, and Perplexity Comet.

Related Happenings

Chromium JavaScript background RCE flaw

Vulnerability
First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Open Happening

Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)

Vulnerability
First: 01.04.2026 13:25 Last: 01.04.2026 13:25 Sources 1

About this happening: **Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...

Open Happening

Torg Grabber browser-extension theft activity

Malware Activity
First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

Open Happening

Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)

Vulnerability
First: 13.03.2026 11:17 Last: 13.03.2026 11:17 Sources 1

About this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...

Open Happening

Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)

Vulnerability
First: 07.03.2026 13:21 Last: 07.03.2026 13:21 Sources 1

About this happening: **Firefox 148** now addresses **CVE-2026-2796**, a **CVSS 9.8** **JIT miscompilation** in the **JavaScript WebAssembly component**, after **Anthropic** validated the flaw and show...

Open Happening

Timeline

  1. 30.10.2025 16:45 2 articles · 6mo ago

    Brash vulnerability crashes Chromium-based browsers in 15-60 seconds

    Initial Disclosure

    Jose Pino disclosed Brash, a vulnerability in Chromium's Blink rendering engine that can crash Google Chrome and other Chromium-based browsers in 15-60 seconds by abusing unthrottled document.title updates, flooding millions of DOM mutations per second and saturating the browser's main thread; Mozilla Firefox and Apple Safari are not affected.

    Show sources
    Open in new tab