Critical Blink Vulnerability Lets Attackers Crash Chromium Browsers in Seconds

Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks.

The vulnerability, called Brash, allows malicious actors to completely crash Chrome, Edge, Brave, Opera, and other Chromium browsers within 15 to 60 seconds through a simple code injection.

The attack exploits the complete absence of rate limiting on the document.title API, a fundamental web technology that updates the browser tab title.

By sending millions of title updates per second, attackers can overwhelm the browser’s main thread, saturate system resources, and trigger an unrecoverable collapse. The vulnerability is currently operational and affects Chromium versions 143.0.7483.0 and earlier.

How the Attack Works

The Brash exploit operates through three distinct phases. First, it pre-loads 100 unique hexadecimal strings into memory, avoiding the computational overhead of generating them during the attack. This maximises the ...