Lead to denial of service via history.go()
Reported by zyzengst...@gmail.com, Feb 10 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. The POC script is:
<a href="data:text/html,<script>history.go(-1)==history.go(0)</script>" target="_blank" style="font-size:100px">click me</a>
or you can visit the online POC page, then click that link: https://api.lightrains.org/poc/2.html
2. You will find that all tabs of Chrome no longer work. The CPU utilization of your computer rises rapidly. You must use a process manager to force quit Chrome.
3. Note: Because the consequences are a little hard to control, I just tested it on Mac Chrome, but I think it influences all platforms.

What is the expected behavior?

What went wrong?
Chrome doesn't work anymore; I must use a process manager to force quit it.

Did this work before? N/A

Chrome version: 56.0.2924.87 Channel: stable
OS Version: OS X 10.12.3
Flash Version: Shockwave Flash 24.0 r0
Comment 1 by elawrence@chromium.org, Feb 10 2017
Passing to kinuko to decide if this is a duplicate of Issue 394296. On Linux, at least, I am able to close the offending tab without resorting to System Monitor/Task Manager/kill.