The “Brash” Attack Explained
The flaw, which Pino has dubbed “Brash,” targets Blink, the rendering engine that lays out and paints web pages in Chromium browsers. A web page that rewrites its own document.title property at a very high rate can overload the browser’s main thread.
According to Pino’s findings shared on GitHub, Blink processes every change to document.title synchronously and without rate limiting, meaning it handles each update one by one on the main thread. This lack of restriction creates a performance bottleneck that can be abused. “The result is heavy CPU usage, sluggish performance, and the potential for the entire browser session to freeze or crash,” Pino wrote.
Demonstration and Impact
To illustrate the vulnerability, Pino developed a proof-of-concept website that triggers the attack. During tests, the page successfully crashed Chrome on both desktop and Android devices. Other Chromium-based browsers - including Brave, Opera, and OpenAI’s ChatGPT Atlas - were also affected. Browsers built on other rendering engines, such as Mozilla Firefox (Gecko) and Apple Safari (WebKit), are not vulnerable, since the flaw is specific to Blink.
How It Works
Pino’s proof of concept sets document.title roughly 24 million times per second, and because Blink applies each change synchronously on the main thread, the browser collapses under the load. This is a denial-of-service flaw: it does not expose user data or passwords, but it can take down browsing sessions and, while the tab is alive, slow down the entire system.
Response and Fix
Pino told The Register that he disclosed the flaw publicly after an initial private report, filed two months earlier, went unanswered, and that he hopes the exposure will prompt action to protect users. Google has since acknowledged the report and is reportedly investigating a fix - likely rate limiting of document.title updates so that a page cannot saturate the main thread this way.
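The mechanism described under “How It Works” and the kind of rate limiting Pino expects as a fix can be seen together in the following added example. It is not code from Pino’s proof of concept or from Chromium: `installTitleLimiter`, `FakeDocument` and `runFloodDemo` are hypothetical names, and the fake document stands in for Blink so the script runs in Node without a browser. In a real page the same wrapper would be installed on `Document.prototype` by a content script that runs before any page script; the limiter coalesces a burst of writes into one engine update per interval while still letting the page read back the value it just wrote.

```javascript
// Added example (not from Pino's PoC or Chromium): a coalescing rate limiter wrapped
// around a `title` accessor, plus a simulated update flood run against it.
// `installTitleLimiter` is a hypothetical helper; `FakeDocument` stands in for Blink
// so the demo runs in Node. In a browser you would pass Document.prototype instead.

function installTitleLimiter(proto, { minIntervalMs = 100, now = Date.now, schedule = setTimeout } = {}) {
  const native = Object.getOwnPropertyDescriptor(proto, 'title');
  if (!native || typeof native.set !== 'function') {
    throw new TypeError('prototype has no `title` accessor to wrap');
  }
  const stats = { requested: 0, committed: 0, coalesced: 0 };
  let lastCommit = -Infinity; // timestamp of the last write handed to the engine
  let pending = null;         // { target, value } waiting for the next free slot
  let timerArmed = false;

  function commit(target, value) {
    native.set.call(target, value); // the one synchronous engine update we allow per interval
    lastCommit = now();
    stats.committed += 1;
  }
  function flush() {
    timerArmed = false;
    if (pending) { const { target, value } = pending; pending = null; commit(target, value); }
  }

  Object.defineProperty(proto, 'title', {
    configurable: true,
    enumerable: native.enumerable,
    // A script still reads back the value it just wrote, even before it reaches the engine.
    get() { return pending && pending.target === this ? String(pending.value) : native.get.call(this); },
    set(value) {
      stats.requested += 1;
      const elapsed = now() - lastCommit;
      if (elapsed >= minIntervalMs && !timerArmed) { commit(this, value); return; }
      if (pending) stats.coalesced += 1; // an earlier queued value is superseded, never sent
      pending = { target: this, value };
      if (!timerArmed) { timerArmed = true; schedule(flush, Math.max(0, minIntervalMs - elapsed)); }
    },
  });
  return { stats, flush, uninstall: () => Object.defineProperty(proto, 'title', native) };
}

// Stand-in for Blink's synchronous handling: every set is one main-thread engine write.
class FakeDocument {
  constructor() { this._title = ''; this.engineWrites = 0; }
  get title() { return this._title; }
  set title(v) { this._title = String(v); this.engineWrites += 1; }
}

// Simulates a tight `document.title = ...` loop (the shape of the Brash flood) against a
// limited document using a fake clock, then advances the clock so the queued flush fires.
function runFloodDemo(updates, minIntervalMs = 100) {
  let clock = 0;
  const timers = [];
  const doc = new FakeDocument();
  const limiter = installTitleLimiter(FakeDocument.prototype, {
    minIntervalMs, now: () => clock, schedule: (fn, ms) => timers.push({ fn, at: clock + ms }),
  });
  for (let i = 0; i < updates; i++) doc.title = `spam-${i}`; // the unthrottled caller
  const seenByScript = doc.title;               // what the flooding script reads back
  const writesDuringFlood = doc.engineWrites;   // engine writes while the loop was running
  clock += minIntervalMs;                       // time passes; the flush timer becomes due
  timers.filter(t => t.at <= clock).forEach(t => t.fn());
  limiter.uninstall();
  return { ...limiter.stats, writesDuringFlood, engineWrites: doc.engineWrites, finalTitle: doc._title, seenByScript };
}

if (typeof require !== 'undefined' && require.main === module) console.log(runFloodDemo(1_000_000));
```

With one million writes in a single burst, the engine sees two updates (the first, and the last value once the interval elapses) instead of a million. A wrapper installed from page context or an extension is only a stopgap, though: a hostile page can obtain an unwrapped setter from a freshly created iframe’s `Document.prototype`, and it does nothing for other synchronous DOM paths. The enforcement has to live in Blink itself, which is why the fix belongs in Chromium rather than on the page.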
This incident serves as a reminder that even widely trusted open-source platforms can harbor vulnerabilities - and that timely collaboration between researchers and developers is crucial to keeping the web safe.