New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

At its core, Brash stems from the lack of rate limiting on “document.title” API updates, which, in turn, allows for bombarding millions of document object model mutations per second, causing the web browser to crash, as well as degrade system performance as a result of devoting CPU resources to this process.

“A critical feature that amplifies Brash’s danger is its ability to be programmed to execute at specific moments,” Pino said. “An attacker can inject the code with a temporal trigger, remaining dormant until a predetermined exact time.”

This also means that the attack can act like a logic bomb that’s configured to detonate at a specific time or after a certain amount of time has elapsed, all while evading initial inspection or detection. In a hypothetical attack scenario, all it would take is a click of a specially crafted URL to trigger the behavior, leading to unintended consequences.

To read the complete article, see: The Hacker News.