A Newly Found Browser Flaw Can Crash Sessions in Seconds

A critical flaw has been uncovered in browsers built on the open-source Chromium platform—impacting popular options such as Google Chrome and Microsoft Edge. Security researcher Jose Pino, who revealed the issue this week, explained that the vulnerability “can cause any Chromium-based browser to crash within 15 to 60 seconds by exploiting a design weakness.”

The “Brash” Attack Explained

The flaw, which Pino has dubbed “Brash,” targets Blink, the rendering engine responsible for displaying web pages in Chromium browsers. By repeatedly sending requests to Blink through the “document.title” property of a web page, an attacker can overload the system.

According to Pino’s findings shared on GitHub, Blink processes every change to document.title synchronously and without rate limiting, meaning it handles each update one by one on the main thread. This lack of restriction creates a performance bottleneck that can be abused. “The result is heavy CPU usage, sluggish performance, and the potential for the entire browser session to freeze or crash,” Pino wrote.

Demonstration and Impact

To illustrate the vulnerability, Pino developed a proof-of-concept website that triggers the attack. During tests, the page successfully crashed Chrome on both desktop and Android devices. Other Chromium-based browsers—including Brave, Opera, and ChatGPT’s Atlas—were also affected. In contrast, browsers that don’t use Chromium, such as Mozilla Firefox and Apple Safari, are not vulnerable.

How It Works

Pino’s proof of concept floods Blink’s API with roughly 24 million updates per second, causing the browser to collapse under the load. While the exploit does not compromise user data or passwords, it can still disrupt browsing sessions and slow down the entire system.

Response and Fix

When asked why a patch has not yet been issued, Pino told The Register that he decided to publicly disclose the flaw after his initial private report two months earlier went unanswered. He hopes the exposure will prompt action to protect users. Google has since acknowledged the report and is reportedly investigating a fix—likely involving rate-limiting measures to prevent such overloads in the future.

This incident serves as a reminder that even widely trusted open-source platforms can harbor vulnerabilities—and that timely collaboration between researchers and developers is crucial to keeping the web safe.

Newer Articles

• Elon Musk Envisions Starlink Satellites as Future Space-Based Data Centers
• HBO Max November 2025 Lineup: The Best New Movies and Shows to Stream This Month
• Smart Money: How AI is Changing the Way We Invest and Save

Older Articles

• 10 Risky Games That Might Surprise You: Hidden Gems Worth the Gamble
• NEW NASA PICTURES OF 3I/ATLAS LEAKED!
• Samsung Teases Its First Trifold Galaxy Z Smartphone in Korea