Widespread Chromium browser crashes likely with severe Brash vulnerability

(Credit: MMollaretti – stock.adobe.com)

Over 3 billion users of Chromium-based browsers, including Google Chrome, Microsoft Edge, Opera, and ChatGPT Atlas, could have their browsers crash within seconds in attacks exploiting the critical Blink rendering engine flaw dubbed "Brash", reports Security Affairs.

Intrusions harnessing Brash involve the preloading of a hundred unique 512-character hex strings in memory for maximum update throughput, accelerated triple-updates from a burst injector, and persistent UI/main thread injections to collapse browser operations, according to security researcher Jose Pino.

Attackers could also program Brash to run at certain moments, enabling its evolution into a "temporal precision weapon," added Pino. Such a vulnerability "demonstrates that architectural flaws in core components like Blink have massive and global consequences. This is not an isolated bugit's a design flaw that affects the entire Chromium ecosystem," said Pino, who emphasized the importance of basic cybersecurity protections in ubiquitous web technologies to prevent such a threat.

