Chromium, developed by Google, forms the foundation of many modern browsers, yet researchers have uncovered a new flaw in its Blink rendering engine that enables a denial-of-service attack. Exploiting the vulnerability can exhaust system memory and force a crash in as little as thirty seconds.
The flaw was first identified by security researcher Jose Pino. He and others disclosed it to the Chromium security team on August 28 and received an initial follow-up on August 30; thereafter, however, Google’s security team ceased responding and the vulnerability remained unpatched.
Why Google has not repaired the flaw is unclear. After a lengthy silence, the researchers publicly released a proof-of-concept and accompanying tool to demonstrate the issue. That PoC — named Brash — reliably drives browsers such as Chrome to consume enormous amounts of RAM: tests show that within thirty seconds Chrome can allocate up to 18 GB of memory and may even precipitate a Windows system crash.
According to the researchers, the weakness stems from the document.title API: updates to document.title are not rate-limited, enabling an attacker to inject millions of DOM modifications per second. Those rapid updates block the main thread, disrupt the event loop, and ultimately provoke a crash.
In theory, every Chromium-based browser is vulnerable — Chrome, Microsoft Edge, ChatGPT Atlas, Brave, and the like — whereas Firefox and Safari, which use different engines, are not affected. The exploit is trivially simple to weaponize: an attacker could embed malicious code on a web page and entice visitors to load it; once executed, the code would drain memory and effect a denial-of-service.
The researchers’ decision to publish the PoC appears intended to spur Google into action. Given that Chromium underpins browsers used by billions worldwide, a timely fix is both urgent and imperative.
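The root cause described above is that updates to document.title are not rate-limited. As an added illustration (not code from the researchers, from Brash, or from Chromium), the wrapper below shows what such a limit looks like at page level: title writes inside the interval are coalesced so only the newest value reaches the DOM. The function names and the 250 ms interval are assumptions.

```javascript
// Added illustration; createTitleThrottle / installTitleThrottle are hypothetical names.
function createTitleThrottle(applyTitle, opts = {}) {
  const minIntervalMs = opts.minIntervalMs ?? 250; // assumed budget: 4 writes per second
  const now = opts.now ?? (() => Date.now());
  const schedule = opts.schedule ?? ((fn, ms) => setTimeout(fn, ms));
  const stats = { requested: 0, applied: 0 };
  let lastApplied = -Infinity;
  let pending = null;      // newest value waiting for the next slot
  let timerArmed = false;
  function apply(value) {
    lastApplied = now();
    stats.applied += 1;
    applyTitle(value);
  }
  function flush() {
    timerArmed = false;
    if (pending !== null) {
      const value = pending;
      pending = null;
      apply(value);
    }
  }
  function set(value) {
    stats.requested += 1;
    const elapsed = now() - lastApplied;
    if (!timerArmed && elapsed >= minIntervalMs) {
      apply(String(value));            // within budget: write through immediately
      return;
    }
    pending = String(value);           // over budget: keep only the newest value
    if (!timerArmed) {
      timerArmed = true;
      schedule(flush, minIntervalMs - elapsed);
    }
  }
  return { set, stats };
}

// Browser-only wiring: shadow the native title accessor on one document.
function installTitleThrottle(doc, minIntervalMs) {
  const native = Object.getOwnPropertyDescriptor(Document.prototype, 'title');
  const throttle = createTitleThrottle((v) => native.set.call(doc, v), { minIntervalMs });
  Object.defineProperty(doc, 'title', {
    configurable: true,
    get() { return native.get.call(doc); },
    set(v) { throttle.set(v); },
  });
  return throttle;
}
```

The wrapper only governs writes that go through the shadowed property on that one document; the `stats` counters give a simple signal for spotting a page that requests far more title changes than are applied.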