I couldn't find a team that fits this work, so I am throwing this to the architecture pile :)

In general how do we throttle IPC? I can do this in the renderer, but I wonder if we try to avoid having a runaway renderer be able to DOS the browser process in a more general way.

jam@, jochen@ ?

We don't have a generic way of doing this; although it's been discussed on and off for mojo ipc. The status quo is that we're waiting to see how a few consumers do this manually, and then that'll help guide what the API should look like. see  bug 584775 , which I just annotated to point back here as an another example.

regarding protecting from an exploited renderer: it's assumed that there's nothing we can do to prevent a renderer from causing OOM in the browser. There are too many heavy operations it can trigger.

While this may also have been leading to OOM, that's a separate issue. I think the concern here is that the IPC flood is just overwhelming the browser process in terms of CPU.

The same reasoning apply to any resource consumption (memory, cpu, gpu memory, network sockets, file handles etc...) that's requested from the renderer.

Marking the above issue as Untriaged as this is a feature request.

Thank you!

Renaming Blink>Architecture to Blink>Internals

 Issue 597012  has been merged into this issue.