New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 596827 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: May 2016
Cc:
wfh@chromium.org
tkonch...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: Crash/XSS

Reported by xbrit7@gmail.com, Mar 22 2016 
<html>
<body>
<button onclick="myFunction()">Test</button>
<script>
function myFunction() {
var out = prompt("Enter # Of SWF Instances:");
for(var i=0;i<out;i++){
var x = document.createElement("EMBED");
x.setAttribute("src", "helloworld.swf");
x.setAttribute("height","10000px");//This is the cause of the crash oversised swf files I can inject the code into maps aswell as email. It crashes the browser in my chrome book. and sometimes forces a reboot!!
x.setAttribute("width","10000px");
document.body.appendChild(x);
}
}
</script>
</body>
</html>

Comment 1 by wfh@chromium.org, Mar 22 2016

Cc: wfh@chromium.org
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug
At most, this looks like it might be an OOM, which is not a security vulnerability. Can you supply crash ids from chrome://crashes

Comment 2 by durga.behera@chromium.org, Apr 12 2016 

 xbrit7@ : Could you please update the thread with a crash Id for the above issue to help further triage it.

Comment 3 by tkonch...@chromium.org, May 5 2016

Cc: tkonch...@chromium.org
Status: WontFix (was: Unconfirmed)
Due to lack of user response we are closing this issue. Please feel free to file a new issue if you still face the issue from your end.

Sign in to add a comment