Critical Vulnerability in Chromium’s Blink Lets Attackers Crash Browsers

Source: Cyber Security News

Security researcher Jofpin disclosed a severe vulnerability in Google’s Blink rendering engine, impacting Chromium-based browsers. The flaw stems from unchecked updates to the document.title API, which let attackers overwhelm the browser’s main thread and cause crashes in mere seconds. This vulnerability is present in Chrome, Edge, Opera, Brave, and others, potentially affecting over 3 billion users worldwide.

The attack progresses in three phases, demonstrating alarming simplicity yet devastating potential. Browsers can freeze for between 15 and 60 seconds depending on the variant, with CPU usage rising drastically. Non-Chromium browsers like Firefox and Safari remain immune, emphasizing the glaring design oversight in Blink. Jofpin urges immediate action from developers to implement rate limiting.
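The rate limiting the researcher calls for, sketched as an added JavaScript example (not code from the article, from Jofpin or from Chromium): a token bucket caps how often a title write is applied and coalesces the rest, so a burst of writes costs a bounded amount of work. The names `createTitleGate` and `applyTitle` and the default limits are assumptions chosen for illustration.

```javascript
// Added illustration, not Chromium code: token-bucket limit on title writes.
// createTitleGate, applyTitle and the default limits are assumed names/values.
function createTitleGate(applyTitle, opts = {}) {
  const { capacity = 5, refillPerSecond = 2, now = () => Date.now() } = opts;
  let tokens = capacity;   // writes that may be applied right now
  let last = now();        // time of the previous refill, in ms
  let current = null;      // last title actually applied
  let pending = null;      // newest title that was held back
  const stats = { applied: 0, coalesced: 0 };

  function tryTake() {
    const t = now();
    tokens = Math.min(capacity, tokens + ((t - last) / 1000) * refillPerSecond);
    last = t;
    if (tokens < 1) return false;
    tokens -= 1;
    return true;
  }

  function apply(value) {
    current = value;
    pending = null;
    stats.applied += 1;
    applyTitle(value);
  }

  return {
    stats,
    // Request a title change. Returns true if it was applied immediately.
    set(value) {
      const next = String(value);
      if (next === current) { pending = null; return false; } // redundant write
      if (tryTake()) { apply(next); return true; }
      pending = next;                 // over budget: keep only the newest value
      stats.coalesced += 1;
      return false;
    },
    // Call from a timer: applies the held-back title once budget is available.
    flush() {
      if (pending === null || !tryTake()) return false;
      apply(pending);
      return true;
    },
  };
}
```

The expensive step (`applyTitle`) runs at most `capacity` times in a burst and `refillPerSecond` times per second afterwards, while the most recent requested title is still applied eventually.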

The implications of this vulnerability are extensive, impacting industries reliant on browser functionality, including finance and healthcare. Attackers could execute time-delayed payloads for malicious activities, affecting critical operations. As long as the vulnerability remains unpatched, users are advised to avoid untrusted sites, underscoring a pressing need for robust web technology security.

👉 Read the original: Cyber Security News