News: 0179917634


Unpatched Bug Can Crash Chromium-Based Browsers in Seconds (theregister.com)

(Thursday October 30, 2025 @06:40PM (msmash) from the tabs-of-doom dept.)


A critical security flaw in Chromium's Blink rendering engine can crash billions of browsers within seconds. Security researcher Jose Pino discovered the vulnerability and created a proof-of-concept exploit called Brash to demonstrate the bug affecting Chrome, Edge, OpenAI's ChatGPT Atlas, Brave, Vivaldi, Arc, Dia, Opera and Perplexity Comet.

The flaw, reports The Register, [1]exploits the absence of rate limiting on document.title API updates in Chromium versions 143.0.7483.0 and later. The attack injects millions of DOM mutations per second and saturates the main thread. When The Register tested the code on Edge, the browser crashed and the Windows machine locked up after about 30 seconds while consuming 18GB of RAM in one tab. Pino disclosed the bug to the Chromium security team on August 28 and followed up on August 30 but received no response. Google said it is looking into the issue.



[1] https://www.theregister.com/2025/10/29/brash_dos_attack_crashes_chromium/
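
What rate limiting of title writes could look like at the page level, as an added example (not code from The Register's article, from Brash, or from Chromium, and not a verified mitigation for this bug). `createTitleLimiter` and `installOn` are hypothetical names, and the 250 ms interval and the assumption that the wrapper is installed before any page script runs are illustrative.

```javascript
// Added illustration: coalesce title writes to a bounded rate.
// createTitleLimiter and installOn are hypothetical names, not browser APIs.
function createTitleLimiter({ apply, minIntervalMs = 250,
                              now = Date.now, schedule = setTimeout }) {
  let lastApplied = -Infinity; // time of the last write that reached `apply`
  let pending = null;          // newest value waiting for the next slot
  let timerArmed = false;
  const stats = { requested: 0, applied: 0, coalesced: 0 };

  function flush() {
    timerArmed = false;
    if (pending === null) return;
    const value = pending;
    pending = null;
    lastApplied = now();
    stats.applied++;
    apply(value);
  }

  function set(value) {
    stats.requested++;
    const wait = minIntervalMs - (now() - lastApplied);
    if (wait <= 0 && !timerArmed) {          // slot free: write through
      pending = String(value);
      flush();
      return;
    }
    if (pending !== null) stats.coalesced++; // older queued value is dropped
    pending = String(value);
    if (!timerArmed) {                       // one timer, however many writes
      timerArmed = true;
      schedule(flush, Math.max(wait, 0));
    }
  }
  return { set, stats };
}

// Browser wiring (assumption: runs before any page script, e.g. from an
// extension content script in the page's main world).
function installOn(doc, minIntervalMs = 250) {
  const native = Object.getOwnPropertyDescriptor(Document.prototype, 'title');
  const apply = (v) => native.set.call(doc, v);
  const limiter = createTitleLimiter({ apply, minIntervalMs });
  Object.defineProperty(doc, 'title', {
    configurable: true,
    get: () => native.get.call(doc),
    set: (v) => limiter.set(v),
  });
  return limiter.stats; // a high `coalesced` count flags a title-write flood
}
```

However many writes arrive inside one interval, only the newest value reaches the real setter, so the work done per second is bounded by the interval rather than by the caller.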



Interesting (Score:4, Funny)

by 93 Escort Wagon ( 326346 )

> ... while consuming 18GB of RAM in one tab

So, a standard Firefox session in other words. /rimshot

Re: (Score:2)

by ShadowRangerRIT ( 1301549 )

*checks current RAM usage* Almost precisely 1 GB from all Firefox tabs put together (seven loaded and an embarrassingly large number of unloaded tabs I'll probably ignore for a few years before cleaning them up by the thousand). uBlock Origin and uMatrix probably reducing the load a bit by blocking all the ads. Chrome is no better at this (and worse at the ad blocking), I really don't get why people are so down on Firefox memory usage.

Take Two Interactive (Score:1)

by kurt_cordial ( 6208254 )

I told my doctor I couldn't speak Spanish. He said don't speak Spanish.

'billions of browsers' (Score:2)

by Fly Swatter ( 30498 )

Damn, that's a lot of hyperbole. Like billions.

Re: (Score:2)

by Junta ( 36770 )

Hey, if running on billions is good enough for Java, it's good enough for Chrome and Chrome-likes.

exploits what...?!? (Score:2)

by ffkom ( 3519199 )

> exploits the absence of rate limiting on document.title API updates

That is not the root cause. There is no reason in the first place to allow a web page to change its title while being displayed. I for one have never seen such a feature being used for anything useful. And then, even if you implement such a feature, there is no reason why it should consume any more CPU or RAM resources than any other "script" activity to change other parts of the displayed document.
