Chromium Flaw Crashes Browsers
A security researcher has published an exploit for a Chromium flaw, dubbed Brash, after Google ignored his report for two months.
The vulnerability can crash browsers, including Chrome and Microsoft Edge, within seconds by flooding the document.title API.
Jose Pino published proof-of-concept code for the flaw on October 29, potentially exposing more than three billion users to browser crashes and system instability.
Vulnerability Details
- The flaw exploits a fundamental design weakness in Blink, the rendering engine that powers all Chromium-based browsers.
- Pino reported the flaw on August 28 and followed up on August 30, but received no response from Google.
The timing raises questions about Google's vulnerability response process.
Author's summary: Chromium flaw crashes browsers due to Google's silence.