I see no security issues here at all, only a known DoS attack that can be worked around: A browser can eat all memory available on the system. There are easier ways to do that:
<SCRIPT>s='A';while(s.length<0x100000)s+=s;a=[];while (1)a.push(s.substr(1));</SCRIPT>
(this will generate many large strings in JavaScript to eat memory)

Chrome will use as much memory as the OS provides. If the OS stops providing Chrome with memory, Chrome will stop rendering the page and display the sad tab to indicate that there is a problem in the page (this is called out-of-memory or OOM). Until this happens, you can either close Chrome or close the tab that is eating all your memory. This is expected behavior.

If the OS freezes, this has nothing to do with Chrome: that would be a problem in the OS. AFAIK the OS may become slow when a lot of memory is being used, but not completely unresponsive. You should still be able to open the task manager and close the application if you wanted to. Either way, it should be possible to cause any such problems with any application, not just browsers. You should talk to the OS vendors to inform them of any issues you find in their software.

Cheers,

SkyLined

Berend-Jan "SkyLined" Wever ([email protected]) <[email protected]>
Security Software Engineer
Google Netherlands B.V.
Claude Debussylaan 34, 15th floor
1082 MD Amsterdam
Netherlands
Reg: 34198589
VAT / Tax ID:- 812788515 B01

On Wed, Feb 11, 2009 at 09:43, ck <[email protected]> wrote:
>
> Hi Adam, It looked like a simple pop-up bomb cos there's a controlled
> for loop in it which I didn't let go wild.
>
> 1) This was just a simple demo wherein if the user had logged into
> gmail, then the OS would hang completely. *certain conditions like the
> one below make it favourable.
>
> That's what I had mentioned, applications like gmail in a browser like
> IE7 or FF take up anything from 60 to 100 MB of RAM depending on the
> extensions(addons) in the browser. On OS like XP with users having a
> 1-2 GB RAM, the sys chokes up and there's no other option except to
> reboot.
>
> In simple terms, we could have a setting that would define the number of
> browsers, or tabs or a cross-product that serves as a threshold, say
> 30, and the user could change it as per his/her requirements.
>
> Secondly, it sheds light on the pop-blocker case, I didn't see the
> Browser or Toolbar pop-blocker to be effective, and it totally fails
> if you've added www.google.com or www.gmail.com to the 'trusted sites'
> in IE xx or 'Exception' in FF xx browser settings.
