
Advisory 2025-2282 - Chromium-based browsers: Vulnerability enables denial of service

Attention: You can now also find information from the Vulnerability Advisory Service in the CTI portal!
The CTI portal is available at the following address: https://cti-portal.telekom.net/advisories/2025-2282
Notice: This advisory is by exception shown completely public. You will regularly receive details on vulnerability information as a customer via your login or through our daily advisory e-mail.
Attack probability: 4 (medium-high)
Potential damage: 3 (medium)

  • Remote anonymous attacker
  • User interaction required
  • Exploit available

Date: 2025-10-31
Release: 2025-10-31

Operating System

  • Linux
  • MacOS X
  • Other
  • Windows

Software

  • Google Chrome <= 143.0.7483.0
  • Microsoft Edge
  • Opera Opera Browser

Attack

A remote anonymous attacker can exploit a vulnerability in Chromium-based browsers in order to create a Denial of Service condition.

Description

Chrome is an Internet browser from Google. Edge is an Internet browser from Microsoft. Opera is a Web Browser and E-Mail Client.

A vulnerability exists in Chromium-based browsers such as Chrome, Edge, and Opera. Rate limiting is missing in updates to the document.title API, allowing 100 unique hexadecimal strings of 512 characters each to be generated and stored in memory. An anonymous, remote attacker can inject millions of DOM mutations per second, leading to a denial of service. Successful exploitation requires user interaction.
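The description attributes the issue to missing rate limiting on document.title updates. The following added example (not code from Chromium, from this advisory or from the referenced repository) models such a control: a fixed-window limiter that applies a bounded number of title updates, coalesces the rest into one pending value and counts an alert when the request rate is abnormal. The class and function names, the thresholds and the sample events are assumptions made for illustration.

```javascript
// Added example (hypothetical names): fixed-window limiter for title updates.
// Constant memory: only counters and the latest coalesced value are kept.
class TitleUpdateLimiter {
  constructor({ maxApplied = 10, windowMs = 1000, alertRequests = 1000 } = {}) {
    Object.assign(this, { maxApplied, windowMs, alertRequests });
    this.windowStart = 0;   // start of the current window (ms)
    this.appliedInWindow = 0;
    this.requestsInWindow = 0;
    this.title = "";
    this.pending = null;    // newest value held back by the limiter
    this.stats = { applied: 0, coalesced: 0, alerts: 0 };
  }

  // Start a new window when the old one has expired and apply the held value.
  tick(now) {
    if (now - this.windowStart < this.windowMs) return;
    this.windowStart = now;
    this.appliedInWindow = 0;
    this.requestsInWindow = 0;
    if (this.pending !== null) this._apply(this.pending);
  }

  _apply(value) {
    this.title = value;
    this.pending = null;
    this.appliedInWindow++;
    this.stats.applied++;
  }

  // Returns true if the update was applied now, false if it was coalesced.
  request(value, now) {
    this.tick(now);
    // Count one alert per window when the request rate looks like a flood.
    if (++this.requestsInWindow === this.alertRequests) this.stats.alerts++;
    if (this.appliedInWindow < this.maxApplied) { this._apply(value); return true; }
    this.pending = value;   // overwrite, never queue: memory stays bounded
    this.stats.coalesced++;
    return false;
  }
}

// Replay constructed [timeMs, title] events and report what the limiter did.
function replay(events, endMs, options) {
  const limiter = new TitleUpdateLimiter(options);
  for (const [t, title] of events) limiter.request(title, t);
  limiter.tick(endMs);
  return { title: limiter.title, ...limiter.stats };
}

// Constructed inputs: a page updating twice a second, and a 5000-update burst.
const benign = Array.from({ length: 10 }, (_, i) => [i * 500, `tab ${i}`]);
const burst = Array.from({ length: 5000 }, (_, i) => [Math.floor(i / 5), `t${i}`]);
console.log(replay(benign, 5000), replay(burst, 1000));
```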

CVSSv2 Base Score: 7.1 / Temporal Score: 6.4
AV:N/AC:M/AU:N/C:N/I:N/A:C/E:POC/RL:U/RC:ND
CVSSv3.1 Base Score: 6.5 / Temporal Score: 6.2
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:X

PoC code taking advantage of the vulnerability is available on the Internet.

Recommendation

There is currently no update or patch available to fix this vulnerability.
https://github.com/jofpin/brash

Information

Brash - Chromium Browser DoS Attack via document.title Exploitation dated 2025-10-30
https://github.com/jofpin/brash

The Register dated 2025-10-30
https://www.theregister.com/2025/10/29/brash_dos_attack_crashes_chromium/

References

VULNAME:BRASH

Disclaimer

*The probability of an attack is determined by the attacker's motivation, the necessary effort and the possibilities for an attack. The damage probability is determined by the effort needed to resolve the attack and probable indirect consequences of an attack for business processes. Telekom Security assumes worst case scenarios.

Copyright © 1999-2025 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.

The information contained herein has been obtained from sources believed to be reliable and trusted or have been verified. Telekom Security can take liability for completeness, accuracy and correctness only in so far, as gross negligence or intention create liability. Any liability beyond it, in particular possible damages resulting from using or non-usability of the information contained herein, is excluded.