Combination of beforeunload and navigation in setTimeout blocks browser UI
Reported by mishra.d...@gmail.com, Oct 30 2016
Issue description

Hey Team, the bug I want to mention here is a denial of service attack that will not allow any kind of redirection on a page crafted by an attacker where hyperlinks (a href) are used. The bug can be maliciously used by an attacker crafting an HTML file and sending it to the victim; the status bar clearly shows a hyperlink that redirects to, let's say, google.com, but it will not redirect and instead causes a denial of service, and the Chrome browser also hangs up and crashes. I have tested it on the very latest version of Chrome for Android; attached screenshot for reference.

Reason: the following script stops the page from being redirected:

    window.onbeforeunload = function(){
        // Unredirectable Page
        setTimeout("window.location=document.location;", 0);
    }

Demo URL: http://hackies.in/Unredirect-Browsers-Test.html

Actual results: it should redirect me to the new page, whereas it doesn't redirect to a new page and the browser hangs up.

Expected results: so the dependency of JavaScript objects (window.document) on the href attribute should not be there.

Attached POC for reference.
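To make the mechanism in the report concrete, here is an added example that is not from the issue and not Chromium code: a toy model of one browsing context with a setTimeout task queue and an asynchronous navigation commit. Starting a navigation fires beforeunload; the reporter's handler queues `window.location = document.location` as a timer task; that task starts a new navigation which supersedes the one still in flight, and the cycle repeats, so the link target never commits and the queue never drains. All class, method and URL names below (ToyBrowsingContext, simulateClick, example.test) are invented for the simulation.

```javascript
// Added example, not Chromium code: a minimal model of a browsing context
// whose navigation commit is asynchronous (queued task) and can be superseded
// by a newer navigation, which is what makes the handler in the report loop.

class ToyBrowsingContext {
  constructor(initialUrl) {
    this.location = initialUrl;   // stands in for document.location
    this.onbeforeunload = null;   // page-installed handler, if any
    this.tasks = [];              // FIFO task queue: timers and pending commits
    this.navToken = 0;            // identifies the newest navigation
    this.commits = 0;             // how many navigations actually landed
    this.beforeunloadCount = 0;   // how many times the handler was fired
  }

  // window.setTimeout(fn, 0): enqueue a task.
  setTimeout(fn) {
    this.tasks.push(fn);
  }

  // Start a navigation. beforeunload runs synchronously; the commit is
  // modelled as a queued task that applies only if no newer navigation
  // has started in the meantime (a newer one cancels the one in flight).
  navigate(url) {
    this.beforeunloadCount++;
    if (this.onbeforeunload) this.onbeforeunload();
    const token = ++this.navToken;
    this.tasks.push(() => {
      if (token === this.navToken) {
        this.location = url;
        this.commits++;
      }
      // otherwise this navigation was superseded and its commit is dropped
    });
  }

  // Drain the queue for at most maxTasks tasks. A queue that is still
  // non-empty after the budget, with zero commits, is the loop signature.
  run(maxTasks) {
    let ran = 0;
    while (this.tasks.length > 0 && ran < maxTasks) {
      const task = this.tasks.shift();
      task();
      ran++;
    }
    return {
      location: this.location,
      commits: this.commits,
      beforeunloadCount: this.beforeunloadCount,
      tasksLeft: this.tasks.length,
    };
  }
}

// Simulate clicking a link to `target` from a page with the given handler.
// handlerKind: "unredirectable" (the report's handler), "benign" (observes
// only), or anything else (no handler installed).
function simulateClick(handlerKind, target = "https://www.google.com/", budget = 1000) {
  const ctx = new ToyBrowsingContext("https://example.test/page.html"); // constructed URL
  if (handlerKind === "unredirectable") {
    // The handler from the report: re-navigate to the current document from
    // a timer task, which cancels whatever navigation is in flight.
    ctx.onbeforeunload = () => {
      ctx.setTimeout(() => { ctx.navigate(ctx.location); });
    };
  } else if (handlerKind === "benign") {
    // A handler that only observes the unload and starts no navigation.
    ctx.onbeforeunload = () => { /* e.g. record that unload was attempted */ };
  }
  ctx.navigate(target);
  return ctx.run(budget);
}

// Stand-alone run: the looping page never commits and keeps its queue busy,
// the benign page commits the link target and drains its queue.
console.log("unredirectable:", simulateClick("unredirectable"));
console.log("benign:", simulateClick("benign"));
```

With the report's handler, every commit task finds a newer navigation token and is dropped, while each timer task enqueues two more tasks, so the budget is exhausted with `commits` still 0 and the queue non-empty; that is the "page never redirects, UI thread stays busy" behaviour the thread is discussing. A beforeunload handler that does not itself start a navigation lets the click commit on the first queued task.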
Nov 7 2016

Nov 7 2016
Is this Android only? Can you repro on desktop Chrome?
Nov 8 2016
Hi, I have tested this on desktop Chrome; the browser does not crash, however the CPU process increases tremendously. Further, I have tested this issue on various other versions of Android Chrome (Beta, Dev and Canary); this issue impacts all the Android Chrome browsers. Instead of creating new threads for other browsers, I would like to include them in this thread itself. Kindly consider. Hereby attaching screenshots for your perusal. Thank you
Nov 8 2016
To be clear, you got the "application not responding" dialog; Chrome didn't crash. This means something caused the Chrome browser UI thread to be really busy. danno@, can you help take a look, as it is JS related?
Nov 8 2016
Hi, sure, no issues. However, I have tested the issue in Chrome for Ubuntu OS. The browser seems to be crashing while testing. Please suggest if I should create a new thread for this issue. Also attaching a screenshot for your reference. Thank you
Dec 9 2016
Dear Team, any updates on the above issue? Please let me know! Thank you
Dec 11 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 19 2017

Jan 2 2018
V8 already offers a hook to intercept the execution of endless loops. Maybe Clank should provide a better UI here?
Jan 9 2018

Jun 5 2018
Comment 1 by sureshkumari@chromium.org, Nov 2 2016