Researcher discloses ‘Brash’ flaw that can crash Chromium-based browsers by spamming tab title

A newly disclosed weakness in the Blink rendering engine used by Chromium can be exploited to crash many Chromium-based browsers within 15–60 seconds, security researcher Jose Pino said. Pino has disclosed details of the flaw and given it the codename Brash.

Pino attributes the issue to an architectural shortcoming that permits uncontrolled updates to the document.title API in Blink, allowing a web page to generate millions of document object model mutations per second. He said the resulting load can crash the browser tab and degrade overall system performance as CPU resources are consumed.

In a technical breakdown, Pino describes a three‑phase method. A hash generation or preparation phase preloads about 100 unique hexadecimal seeds. A burst injection phase then issues bursts of three consecutive document.title updates, which at the default settings (burst: 8000, interval: 1 ms) works out to roughly 24 million updates per second. Finally, in a UI thread saturation phase, the browser’s main thread becomes unresponsive and requires forced termination.
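The article attributes the crash to document.title writes that reach the UI with no rate limit. As an added example (not Pino's proof of concept and not Chromium code), this JavaScript model shows what a coalescing limit does to a workload of the size quoted above; `TitleCoalescer`, `simulate` and the 100 ms budget are assumptions, and nothing here touches a real DOM.

```javascript
// Added illustration: hypothetical names, not Pino's PoC and not Chromium code.
class TitleCoalescer {
  constructor(apply, minIntervalMs, now) {
    this.apply = apply;                 // sink that actually sets the title
    this.minIntervalMs = minIntervalMs; // assumed budget: one UI update per interval
    this.now = now;                     // injectable clock so the model is testable
    this.lastApplied = -Infinity;
    this.pending = null;                // newest title waiting for the next slot
    this.dropped = 0;                   // writes superseded before reaching the UI
  }
  commit(title) {
    this.lastApplied = this.now();
    this.pending = null;
    this.apply(title);
  }
  set(title) {
    if (this.now() - this.lastApplied >= this.minIntervalMs) return this.commit(title);
    if (this.pending !== null) this.dropped++;
    this.pending = title;               // last writer wins
  }
  flush() {                             // driven by a timer in a real integration
    const due = this.now() - this.lastApplied >= this.minIntervalMs;
    if (due && this.pending !== null) this.commit(this.pending);
  }
}

// Constructed workload at the article's defaults: every 1 ms for one second,
// a burst of 8000 iterations, each requesting three title writes.
function simulate(durationMs = 1000, burst = 8000, writesPerIteration = 3) {
  const titles = Array.from({ length: 100 }, (_, k) => 'title-' + k); // constructed
  let clock = 0, applied = 0, requested = 0;
  const c = new TitleCoalescer(() => { applied++; }, 100, () => clock);
  for (clock = 0; clock < durationMs; clock++) {
    c.flush();
    for (let i = 0; i < burst * writesPerIteration; i++) {
      c.set(titles[i % titles.length]);
      requested++;
    }
  }
  return { requested, applied, dropped: c.dropped };
}

console.log(simulate());
```

With the 100 ms budget, the 24,000,000 requested writes in one simulated second collapse to 10 applied updates, and the rest are superseded before they reach the sink.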

Pino also warned that the exploit can be timed to run at a specific moment, which he said allows it to operate like a logic bomb. He said a specially crafted URL or page click could trigger the behaviour after a dormant period, enabling precise temporal control of the disruption.

The vulnerability affects Google Chrome and other browsers built on Chromium, including Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas and Perplexity Comet, while Mozilla Firefox and Apple Safari are not affected. Third‑party iOS browsers are also immune because they are based on WebKit.