Overview
- Researcher Jose Pino released a proof-of-concept showing rapid document.title updates can saturate the UI thread and collapse browsers in 15–60 seconds.
- Tests reported nine of 11 browsers based on Chromium failed across Windows, macOS, Linux, and Android, while Firefox, Safari, and all iOS browsers were immune.
- The Register reproduced a crash in Microsoft Edge that locked a Windows machine and consumed about 18 GB of RAM in a single tab.
- Google told reporters it is looking into the issue, and Brave said it will implement any fix provided by Chromium, but no patch has been rolled out.
- The attack can be triggered by a single crafted URL, can be scheduled to fire at precise times, and has been observed on Chromium builds from version 143.0.7483.0 onward.