Issue metadata
Sign in to add a comment
|
Security: CPU overloading
Reported by
vancouve...@gmail.com,
Apr 21 2017
|
||||||||||||||||||||
Issue descriptionThis template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://www.chromium.org/Home /chromium-security/security-faq Please see the following link for instructions on filing security bugs: http://www.chromium.org/Home/chromium-security/reporting-security-bugs NOTE: Security bugs are normally made public once a fix has been widely deployed. VULNERABILITY DETAILS Please provide a brief explanation of the security issue. VERSION Chrome Version: Version 58.0.3029.81 (64-bit) Operating System: Windows 10 Home REPRODUCTION CASE When using the following link in my website https://www.youtube.com/embed/WE_EgwFRils?list=PL3M4lKT4ssGRFn7YrLMzqhQI86kSXERNx while I am signed up with my gmail account (vancouverbcd@gmail.com) browser goes into infinite loop, throwing an error remote.js:79 Uncaught TypeError: Cannot read property 'prototype' of undefined at Object.g.p (base.js:21) at remote.js:79 at remote.js:166 That makes my CPU go to 100%. So basically, putting this link in a website - it automatically make all visitors that have the same gmail settings as I to make their computers overloaded. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: CPU overload, infinite looping in youtube base.js file Crash State: remote.js:79 Uncaught TypeError: Cannot read property 'prototype' of undefined at Object.g.p (base.js:21) at remote.js:79 at remote.js:166 Client ID (if relevant): [see link above]
,
Apr 22 2017
^ To clarify, this could be caused by an extension. You'll want to try running this in a new browser profile with no extensions (incognito also works as long as you don't have any extensions running in incognito mode).
,
Apr 22 2017
Yep, I tried to unistall all extension and problem still happens, the only think that affects it is my gmail account. (one of multiple I have, the rest don't cause this issue). So, whenever I sign out from my gmail account - the problem is gone.
,
Apr 22 2017
Thank you for providing more feedback. Adding requester "meacer@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 22 2017
Thanks. It's difficult to say what's causing the problem only on your account. It's possible that a buggy Youtube experiment could be enabled on that account and is what's causing this problem. Since overloading the CPU doesn't represent a security vulnerability I'm going to close this issue as WontFix. In the meanwhile you might want to consider reporting this to Youtube (I briefly searched and couldn't find a similar bug).
,
Apr 22 2017
For the user it's basically the same as virus that eats all computer resources. I can not figure out what's the issue because it's all happening on your servers. I did not know how to categorize so I posted it here. If it happened to me it could happen to others and there is no reports because it's hard to recognize, exactly like any other virus, that is a security issue in my opinion.
,
Apr 22 2017
One more thing: Are you seeing the same problem on other browsers? For example, does Firefox also print the "Cannot read property 'prototype' of undefined" message?
,
Apr 22 2017
Let's put it this way, whoever figures out what setting it is and trick me out to set it up - will make my computer use 100% CPU and the suer will blame google - as it's their bug.
,
Apr 22 2017
It happens in Chrome, Edge. Firefox works fine.
,
Jul 29 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mea...@chromium.org
, Apr 21 2017