A new vulnerability called Brash affects Chromium-based browsers by exploiting DOM operations to crash or degrade performance. The flaw can be weaponized with precise timing and is present in browsers like Chrome, Edge, and Opera but does not affect Firefox or Safari. #BrashVulnerability #ChromiumEngine
Keypoints
- The Brash vulnerability exploits a lack of rate limiting on โdocument.titleโ API updates in Chromium browsers.
- The attack involves preloading unique strings, injecting rapid title updates, and saturating the browserโs UI thread to cause crashes.
- Attacks can be precisely timed and serve as logic bombs, activating at specific moments with millisecond accuracy.
- The vulnerability affects browsers built on Chromium, including Chrome, Edge, Brave, Opera, and others, but not Firefox or Safari.
- Google has not yet released a fix, and the vulnerability underscores the importance of patching browser security flaws.
Read More: https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html