HTML5 Hole in Major Browsers Lets Sites Fill Up Your Hard Dive

Pulkit Chandna

Problem stems from the way affected browsers implement the HTML5 Web Storage standard

A Stanford computer science student named Feross Aboukhadijeh has discovered a bug in Chrome, Safari (iOS and desktop), Opera, and Internet Explorer that makes it possible for a site to fill up the system’s storage space . The problem, according to Aboukhadijeh, lies in the way the affected browsers implement the HTML5 Web Storage standard, which allows web pages to store large amounts of data locally in a fast, secure and efficient manner.

While the standard asks that browsers limit the total amount of local storage space available to each domain and “guard against sites storing data under the origins other affiliated sites [subdomain]”, the affected browsers, according to Aboukhadijeh, merely have a per-origin limit and no limit whatsoever for affiliated sites.

He has even made a site to demonstrate how the exploit works and says that it “fills up 1GB every 16 seconds on my Macbook Pro Retina (with solid state drive).”

“You can help get this issue get fixed quickly (on Chrome at least) by visiting the bug report pages and chiming in (starring) so that Google prioritizes this issue,” he wrote on his site.

Image Credit:

Around the web