Find notable cyber news and cases, enriched with sources, timelines, and signals.

Chromium Blink document.title crash security flaw

Vulnerability
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Brash is a Chromium Blink vulnerability that can crash Google Chrome and other Chromium-based browsers in 15-60 seconds by abusing unthrottled `document.title` updates. The flaw floods the DOM with mutations, which can saturate the browser's main thread and degrade system performance. It affects Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas, and Perplexity Comet.

Related Happenings

FROST browser SSD timing side channel via OPFS

Technical Analysis
H score16 First: 09.06.2026 12:50 Last: 09.06.2026 12:50 Sources 1

About this happening: **FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...

Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)

Vulnerability
H score45 First: 09.06.2026 09:56 Last: 09.06.2026 09:56 Sources 1

About this happening: **Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...

Browser-layer visibility guidance for browser-native threats

Defensive Guidance
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)

Vulnerability
H score1 First: 01.04.2026 13:25 Last: 01.04.2026 13:25 Sources 1

About this happening: **Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...

Timeline

  1. 30.10.2025 16:45 2 articles · 8mo ago

    Brash vulnerability crashes Chromium-based browsers in 15-60 seconds

    Initial Disclosure

    Jose Pino disclosed Brash, a vulnerability in Chromium's Blink rendering engine that can crash Google Chrome and other Chromium-based browsers in 15-60 seconds by abusing unthrottled document.title updates, flooding millions of DOM mutations per second and saturating the browser's main thread; Mozilla Firefox and Apple Safari are not affected.

    Show sources