Allocation of Resources Without Limits or Throttling (Brash) Affecting chromium package, versions [0,]

Q: How to fix?

There is no fixed version for chromium .

Threat Intelligence

Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Allocation of Resources Without Limits or Throttling (Brash) vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-UNMANAGED-CHROMIUM-13781442
published30 Oct 2025
disclosed27 Oct 2025
creditJose Pino

Report a new vulnerability Found a mistake?

Introduced: 27 Oct 2025

NewCWE-770 (opens in a new tab)

How to fix?

There is no fixed version for chromium.

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling (Brash) over the document.title API in Blink, which does not limit requests. An attacker can send unlimited API updates to mutate the DOM, occupying excessive CPU and degrading performance. By sending a continuous stream of updates, the browser's main thread can be saturated, causing interruption to all browser tabs and potentially the system.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Active

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
High