Excessive disk usage triggered via variable fonts
Reported by davidog...@gmail.com, Aug 17
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template. Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS

Sorry, this won't be a detailed account. I haven't spent the time to verify that it works, but it looks pretty exploitable. I came across https://twitter.com/DesignJokes/status/1029992922580574208 where Wentin points out that more than 40G of disk space is used up when playing with variable fonts.

Potential exploit: an attacker forces the user to reboot or relaunch chrom*.

Why is this bad: While more benign (no data lost), the UX is completely destroyed, and it seems easy to trigger this in the background (invisibly), so the user has no idea what's causing the sudden increase in disk usage, forcing restarts and severe distractions.

VERSION

Chrome Version: no idea but looks like all current AFAICT
Operating System: no idea but looks like all

REPRODUCTION CASE

Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug.

https://twitter.com/DesignJokes/status/1029992922580574208

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION

Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]

n/a

Thanks for the good work!
Aug 18

Aug 20

davidogutu, thanks for the report. We were already tracking this as an unbounded memory growth problem in issue 778352.
Comment 1 by carlosil@chromium.org, Aug 17

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Summary: Excessive disk usage triggered via variable fonts (was: Security: Excessive disk usage triggered via variable fonts)