Chromium Flaw Crashes Browsers
A security researcher has published an exploit for a vulnerability in Chromium's rendering engine, which can crash browsers like Chrome, Edge, and others within seconds.
The vulnerability, dubbed Brash, exploits a design weakness in Blink, the rendering engine that powers all Chromium-based browsers, by flooding the document.title API.
Jose Pino published proof-of-concept code for the flaw on October 29, potentially exposing more than three billion users to browser crashes and system instability.
Pino reported the flaw on August 28 and followed up on August 30, but received no response from Google, raising questions about its disclosure process.
- Chrome
- Microsoft Edge
- Seven other browsers
are affected by the vulnerability.
Author's summary: Chromium flaw crashes major browsers.