Security hole slams Chromium browsers - no fix yet
Briefly

"Chrome is the most popular browser in the world with over 70% market share, according to StatCounter, and that's not counting all the people who use any of the open source Chromium-based browsers, including Microsoft Edge, OpenAI's ChatGPT Atlas, Brave, and Vivaldi. Given the ITU counts 5.5 billion internet users, that suggests Chrome alone is used by more than 3 billion people."
"The Register tested the code on Edge, and not only did it crash the browser, but it also locked up the Windows-based machine after about 30 seconds, and sucked down 18 GB of RAM into one tab. Pino spoke with The Register exclusively about the bug, and said he initially disclosed it to the Chromium security team on August 28, and followed up on August 30, but didn't receive a response."
A critical unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers and, in some tests, freeze the host system. A proof-of-concept exploit named Brash injects millions of DOM mutations per second by exploiting the complete absence of rate limiting on document.title API updates. The flood of updates saturates the main thread, disrupts the event loop, and causes the browser interface to collapse within 15 to 60 seconds on affected builds (Chromium 143.0.7483.0 and later). Testing across major browsers on Android, macOS, Windows, and Linux showed nine of eleven tested browsers were affected. One test consumed roughly 18 GB of RAM in a single tab. The flaw was reported to the Chromium security team on August 28, with a follow-up on August 30, without an immediate response.
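To make concrete what rate limiting on title updates means, the sketch below (an added example, not code from the article, the researcher, or Chromium) wraps a title setter so that any number of writes collapses into at most a fixed number of real updates per second. The names installTitleGuard, maxPerSecond and now are hypothetical, and the caller is assumed to invoke flush() from a timer.

```javascript
// Added illustration: coalesce writes to a `title` accessor so the expensive
// underlying setter runs at most `maxPerSecond` times per second.
// installTitleGuard, maxPerSecond and now are hypothetical names.
function installTitleGuard(target, { maxPerSecond = 4, now = Date.now } = {}) {
  // Locate the accessor that currently backs `title` (own or inherited).
  let proto = target, desc;
  while (proto && !(desc = Object.getOwnPropertyDescriptor(proto, 'title'))) {
    proto = Object.getPrototypeOf(proto);
  }
  if (!desc || !desc.set) throw new TypeError('target has no title setter');

  const interval = 1000 / maxPerSecond;   // minimum ms between real updates
  const stats = { writes: 0, applied: 0 };
  let lastApplied = -Infinity;
  let pending;                            // newest value not yet applied
  let hasPending = false;

  // Apply the newest pending value if the interval has elapsed.
  // Assumption: the caller runs this from a timer to drain the last write.
  function flush() {
    if (!hasPending || now() - lastApplied < interval) return false;
    desc.set.call(target, pending);
    hasPending = false;
    lastApplied = now();
    stats.applied++;
    return true;
  }

  Object.defineProperty(target, 'title', {
    configurable: true,
    // Readers see the value they last wrote, even if it is still queued.
    get() {
      if (hasPending) return pending;
      return desc.get ? desc.get.call(target) : undefined;
    },
    set(value) {
      stats.writes++;
      pending = String(value);            // older queued values are dropped
      hasPending = true;
      flush();
    },
  });
  return { stats, flush };
}
```

Comparing stats.writes with stats.applied also gives a simple signal for spotting a script that is hammering the title.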
Read at Theregister