You Are Here: Home » Industry News » HTML5 Browser Exploit Floods Hard Drives with Data

HTML5 Browser Exploit Floods Hard Drives with Data

A recent HTML5 browser exploit enables websites to flood users with gigabytes of junk data, only to clog PCs and crash browsers.

Web developer Feross Aboukhadijeh rigged a proof-of-concept website that exploits the vulnerability and adds 1 GB of data every 16 seconds on a solid state drive. Named FillDisk.com, the webpage can be accessed by anyone interested in learning more about the HTML5 vulnerability.

HTML5 Browser Exploit Floods Hard Drives with DataThe website works by instructing all subdomains to download the maximum data amount, resulting in masses of junk data downloaded to a users’ computer.

Although all browsers are affected, Google’s Chrome, Microsoft’s Internet Explorer and Apple’s Safari are the only ones with no browser download cap. Firefox is the only browser that limits the download amount, and is partially vulnerable to the exploit.

Aboukhadijeh encourages developers to set up safeguards to prevent this behavior, by implementing a 5 megabyte download limit per origin.

“User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit,” wrote Aboukhadijeh on his blog. “A mostly arbitrary limit of five megabytes per origin is recommended.”

Tests revealed that the Google Chrome browser may sometimes crash before flooding the disk, but an official Chromium bug report has been filed by Aboukhadijeh. Microsoft and Apple have also been notified of the vulnerability and a fix could be underway.

 

About The Author

Security Researcher

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That’s what’s been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he’s always ready to write about what’s hot and trendy out there in geek universe.

Number of Entries : 152

Comments (1)

  • chris

    Im pretty the author of the hacker said “firefox is safe”, not “partially vulnerable”.

    Your statement amounts to slander of firefox, for what motivation? I can only guess.

    Reply

Leave a Comment

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top