New issue
Advanced search Search tips

Issue 811357 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Feb 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: memory leak vulnerability

Reported by ea_bessa...@esi.dz, Feb 12 2018 
Hi Google!

I found a memory leak vulnerability in chrome(Computer and android); 
Steps to reproduce:

1. Send the "Qnibuz.html" file to a user( or host the file somewhere and send the link to the user )
2. The user opens the "Qnibuz.html" file on Chrome.



Brief Description of what will happen :

-on PC : 
1.the script will start allocate memory at a rate of 10MB/s which reduces the performance of the computer in few minutes.
2.if the user is in an other tab no alert in shown
  else a "page unresponsive" message is shown with a "wait" button

-on Android :
1.the script will start allocate memory at a rate of 10MB/s which reduces the performance of the smartphone and causes the app to freeze.


Regards,
Bessalah Amar
Student at ESI.DZ
Qnibuz.html
402 bytes View Download

Comment 1 by elawrence@chromium.org, Feb 12 2018

Status: WontFix (was: Unconfirmed)
Denial of service issues are not tracked as security bugs. The user can resolve this issue by closing the tab.

https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Are-denial-of-service-issues-considered-security-bugs
Project Member

Comment 2 by sheriffbot@chromium.org, May 22 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment