A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.
Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash.
“It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed,” Pino said in a technical breakdown of the shortcoming.
At its core, Brash stems from the lack of rate limiting on “document.title” API updates, which, in turn, allows for bombarding millions of [document object model] mutations per second, causing the web browser to crash, as well as degrade system performance as a result of devoting CPU resources to this process.
The attack plays out in three steps –
- Hash generation or preparation phase, where the attacker preloads into memory 100 unique hexadecimal strings of 512 characters that act as a seed for the browser tab title changes per interval so as to maximize the impact of the attack
- Burst injection phase, where bursts of three consecutive document.title updates are executed, injecting approximately 24 million updates per second in default configuration (burst: 8000, interval: 1ms)
- UI thread saturation phase, where the continuous stream of updates saturates the browser’s main thread, causing it to go unresponsive and requiring forced termination
“A critical feature that amplifies Brash’s danger is its ability to be programmed to execute at specific moments,” Pino said. “An attacker can inject the code with a temporal trigger, remaining dormant until a predetermined exact time.”
“This kinetic timing capability transforms Brash from a disruption tool into a temporal precision weapon, where the attacker controls not only the ‘what’ and ‘where,’ but also the ‘when’ with millisecond accuracy.”
This also means that the attack can act like a logic bomb that’s configured to detonate at a specific time or after a certain amount of time has elapsed, all while evading initial inspection or detection. In a hypothetical attack scenario, all it would take is a click of a specially crafted URL to trigger the behavior, leading to unintended consequences.
The vulnerability works on Google Chrome and all web browsers that run on Chromium, which includes Microsoft Edge, Brave, Opera, Vivaldi, Arc Browser, Dia Browser, OpenAI ChatGPT Atlas, and Perplexity Comet. Mozilla Firefox and Apple Safari are immune to the attack, as are all third-party browsers on iOS, given that they are all based on WebKit.
The Hacker News has reached out to Google for further comment on the findings and its plans for a fix, and we will update the story if we hear back.
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
