
HTML5 Browser Exploit Floods Hard Drives with Data

Liviu ARSENE

March 01, 2013


A recent HTML5 browser exploit enables websites to flood users with gigabytes of junk data, clogging PCs and crashing browsers.

Web developer Feross Aboukhadijeh rigged a proof-of-concept website that exploits the vulnerability and adds 1 GB of data every 16 seconds on a solid state drive. Named FillDisk.com, the webpage can be accessed by anyone interested in learning more about the HTML5 vulnerability.

The website works by instructing all subdomains to download the maximum data amount, resulting in masses of junk data downloaded to a user's computer.

Although all browsers are affected, Google's Chrome, Microsoft's Internet Explorer and Apple's Safari are the only ones with no browser download cap. Firefox is the only browser that limits the download amount, and is partially vulnerable to the exploit.

Aboukhadijeh encourages developers to set up safeguards to prevent this behavior, by implementing a 5 megabyte download limit per origin.

“User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit,” wrote Aboukhadijeh on his blog. “A mostly arbitrary limit of five megabytes per origin is recommended.”

Tests revealed that the Google Chrome browser may sometimes crash before flooding the disk, but an official Chromium bug report has been filed by Aboukhadijeh. Microsoft and Apple have also been notified of the vulnerability and a fix could be underway.
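The safeguard quoted above, sketched as an added example (not code from Aboukhadijeh or any browser): a quota ledger that charges writes to the registrable domain instead of the exact origin, so a1.example.com, a2.example.com and so on share one 5 MB bucket. `QuotaLedger`, `registrableDomain` and `simulate` are hypothetical names, and `PUBLIC_SUFFIXES` is a tiny constructed stand-in for the Public Suffix List a real implementation would consult.

```javascript
// Added example: quota accounting keyed on the registrable domain (eTLD+1).
// PUBLIC_SUFFIXES is a constructed stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);
const LIMIT_BYTES = 5 * 1024 * 1024; // the 5 MB figure quoted above

// Return the public suffix plus one label, e.g. a1.example.com -> example.com.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) {
      // If the host itself is a public suffix there is nothing to add: use it as is.
      return i === 0 ? candidate : labels.slice(i - 1).join(".");
    }
  }
  return labels.join("."); // unknown suffix (e.g. localhost): whole host is the site
}

class QuotaLedger {
  // keyFn maps an origin URL to the bucket its usage is charged against.
  constructor(keyFn, limit = LIMIT_BYTES) {
    this.keyFn = keyFn;
    this.limit = limit;
    this.used = new Map();
  }
  // Record a write of `bytes` if it fits in the bucket; return whether it was allowed.
  tryStore(origin, bytes) {
    const key = this.keyFn(new URL(origin));
    const current = this.used.get(key) || 0;
    if (!Number.isFinite(bytes) || bytes < 0 || current + bytes > this.limit) return false;
    this.used.set(key, current + bytes);
    return true;
  }
  total() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Replay one constructed write pattern: n subdomains, each asking for the full limit.
function simulate(ledger, n) {
  for (let i = 1; i <= n; i++) ledger.tryStore(`http://a${i}.example.com`, LIMIT_BYTES);
  return ledger.total();
}

const perOrigin = new QuotaLedger((u) => u.origin);
const perSite = new QuotaLedger((u) => registrableDomain(u.hostname));
console.log(simulate(perOrigin, 200) / 2 ** 20, "MB accepted with per-origin buckets");
console.log(simulate(perSite, 200) / 2 ** 20, "MB accepted with per-site buckets");
```

With per-origin buckets the accepted total grows with the number of subdomains; with per-site buckets it stays at the single 5 MB limit.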

 
