How a Tiny JavaScript Snippet Can Crash Major Browsers and Reboot iPhones

Background

While scrolling Twitter, a user discovered a tweet from CyberSecurity@cyber__sec that advertised a JavaScript snippet capable of crashing Firefox, Chrome, and Safari browsers and also rebooting an iPhone.

Exploit Details

The tweet provides a link containing the malicious script. The accompanying Chinese comment explains that the code can crash the browsers and restart the iPhone.

Example code (comment only):

//使用下面这段JavaScript代码能让firefox，chrome，safari浏览器崩溃，而且还能让iPhone重启。

Observed Behavior

On desktop systems, opening the link can cause CPU and memory usage to spike dramatically, leading to the browser freezing or crashing. On mobile devices (Android and iPhone), the browser quits instantly; the same effect occurs when the link is opened from Weibo or WeChat.

One user reported that on an iPhone using Safari the device logged out and rebooted after opening the link, though this behavior was not consistently reproducible.

Discussion

Commenters debate whether the phenomenon is a bug or a genuine 0‑day vulnerability and discuss possible misuse, such as injecting the script during a man‑in‑the‑middle (MITM) attack for prank or sabotage purposes.

Community reactions range from amusement (“JS is the best language”) to concern about the script’s impact on browser history, performance, and the potential for widespread disruption.

Illustrative Images