Investigate possible memory leak by repeatedly changing document.title
Reported by
maarkris...@gmail.com,
Mar 22 2016
Issue description

Chrome Version: 49.0.2623.87
OS: Windows 10 Pro
URL (if applicable) where the memory bloat occurred: http://goth06.xyz/test (it's my website, my folder, only to show you, and to test on my PC)
Can you reproduce this memory bloat? Yes, every time.

It's a few rows of JavaScript code:

```html
<script>
// Intentionally never exits: the title is rewritten as fast as the loop runs.
while (true) {
    document.title = "Test1";
    document.title = "Test2";
}
</script>
```

When someone opens the webpage, it will change its title in an infinite loop. This causes both the processor and the memory usage to go up. About a minute after opening the script, RAM is full, and I can't even handle my computer (using about 2++ gigabytes of RAM, and many percent of the processor). I had to reboot my computer to use it again. So it's critical in many respects. It also works on the Chrome Android version! (Chrome will freeze.)

What steps will reproduce this memory bloat (or if it's not reproducible, what were you doing until then)?
(1) Implement this JavaScript code into an HTML file
(2) Open it in Chrome (all versions)
(3) Check out what happens.
Mar 24 2016
Mar 26 2016
I filed issue 598125 to throttle document.title updates. Once that's resolved, we can investigate whether it's causing a leak. Updating the title (again) to reflect that.
Mar 26 2016
Why is this a blocker? This seems like a synthetic DoS use case?
Mar 28 2016
abodenha, please take a look at the question in 5
Mar 28 2016
It's a bug with potential for abuse which has now been disclosed since this bug isn't restricted. It's borderline. I don't see much value for an attacker other than malicious mischief. I'm removing the blocker label, though it would be good to have someone familiar with the GC or tabstrip take a look soon. A simple solution could be to throttle requests to set the title. Possible flow:
1: If a page requests to change the title, change it.
2: If additional requests come in within 1s to set the title, cache the request.
3: After 1s from the last applied change, take the most recent request and apply it.
I'm sure there would be consequences to figure out, but it seems like allowing a page to hang things by thrashing the title is unwise.
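The three-step throttle proposed in the comment above, written out as an added example; this is illustration code, not part of the bug thread and not Chromium's implementation. `makeTitleThrottle`, `FakeClock`, `runDemo` and the injected `now`/`schedule` hooks are assumptions made for the example; the fake `document` object and the bounded replay of the reporter's Test1/Test2 loop are constructed inputs so it runs offline.

```javascript
// Added example (not from the bug thread or Chromium): a leading-plus-trailing
// throttle implementing the three-step flow proposed above for document.title.
// makeTitleThrottle, FakeClock, runDemo and the injected now/schedule hooks are
// assumptions made for this illustration.

function makeTitleThrottle(target, { windowMs = 1000, now = Date.now, schedule = setTimeout } = {}) {
  let lastApplied = -Infinity; // timestamp of the last change actually applied
  let pending = null;          // most recent request not yet applied (step 2)
  let timer = null;            // handle of the scheduled trailing flush (step 3)
  let applied = 0;             // number of title changes written to target
  let dropped = 0;             // requests superseded before they were applied

  function apply(title, t) {
    target.title = title;
    lastApplied = t;
    applied += 1;
  }

  // Runs once the window has elapsed: apply the latest cached request, if any.
  function flush() {
    timer = null;
    if (pending !== null) {
      const title = pending;
      pending = null;
      apply(title, now());
    }
  }

  return {
    // Returns true if the title was applied immediately, false if it was cached.
    set(title) {
      const t = now();
      if (timer === null && t - lastApplied >= windowMs) {
        apply(title, t); // step 1: first request in a quiet period goes through
        return true;
      }
      if (pending !== null) dropped += 1; // step 2: only the newest request survives
      pending = title;
      if (timer === null) {
        // step 3: flush windowMs after the last applied change
        timer = schedule(flush, windowMs - (t - lastApplied));
      }
      return false;
    },
    stats() {
      return { applied, dropped, pending };
    },
  };
}

// Deterministic stand-in for Date.now/setTimeout so the demo runs offline.
class FakeClock {
  constructor() { this.t = 0; this.timers = []; }
  now() { return this.t; }
  schedule(fn, delayMs) {
    const timer = { at: this.t + delayMs, fn };
    this.timers.push(timer);
    return timer;
  }
  advance(ms) {
    const until = this.t + ms;
    this.timers.sort((a, b) => a.at - b.at);
    while (this.timers.length > 0 && this.timers[0].at <= until) {
      const timer = this.timers.shift();
      this.t = timer.at;
      timer.fn();
    }
    this.t = until;
  }
}

// Replays the reporter's Test1/Test2 thrash loop (a bounded number of
// iterations instead of while(true)) against a throttled fake document.
function runDemo(iterations = 100000) {
  const clock = new FakeClock();
  const doc = { title: "" }; // constructed stand-in for the real document
  const throttle = makeTitleThrottle(doc, {
    windowMs: 1000,
    now: () => clock.now(),
    schedule: (fn, d) => clock.schedule(fn, d),
  });
  for (let i = 0; i < iterations; i++) {
    throttle.set("Test1");
    throttle.set("Test2");
  }
  const duringBurst = { title: doc.title, ...throttle.stats() };
  clock.advance(1000); // the window elapses and the trailing flush fires
  const afterWindow = { title: doc.title, ...throttle.stats() };
  return { duringBurst, afterWindow };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

During the burst only the first request reaches the target; every later one replaces the cached value, so 200,000 assignments cost one write plus one pending slot, and the last request ("Test2") is written once the one-second window closes. The trailing flush matters: without it a page that sets its title once per window and then stops would be left showing a stale value.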
Mar 29 2016
I understand what you say, but I'm sure that there are ways to use it by a clever attacker. For example, some of the present ransomware viruses, after infecting the PC, need a reboot, and then activate. These can be deactivated and removed before rebooting, but if it is done, it becomes hard to remove and to get the files back unharmed. With this script, the attacker can force the user/PC to reboot instantly after infection, so the attack is done easily.
Apr 21 2016
Setting this bug to the same priority as the fix for the title updates.
Apr 21 2017
This issue has been available for more than 365 days, and should be re-evaluated. Please re-triage this issue. The Hotlist-Recharge-Cold label is applied for tracking purposes, and should not be removed after re-triaging the issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rsch...@chromium.org, Mar 24 2016
Labels: Stability-Hang Performance OS-Android OS-Chrome OS-Windows
Summary: Rapidly changing window title hangs browser process and leaks memory (was: Memory and CPU usage bug, JavaScript (both on Chrome PC and Android version))