FillDisk.com downloads an unlimited number of cat images, filling up your memory and eventually causing your browser to crash. This shouldn’t be possible, but thanks to a flaw in HTML5, Chrome, IE and Safari as well as mobile browsers are all vulnerable.
As its name suggests, FillDisk.com loads an almost unlimited amount of data onto hard drives of people who access the site. It requires no user interaction and works with the Google Chrome, Microsoft Internet Explorer, and Apple Safari browsers. It adds 1GB of data every 16 seconds on a MacBook Pro Retina equipped with a solid state drive, according to Feross Aboukhadijeh, the Web developer and computer science grad student who created the proof-of-concept site.
FillDisk.com manipulates the Web Storage standard included in the HTML5 specification. This standard is designed to make websites easier to use by allowing them to store data on visitors’ hard drives. The functionality can be useful when end users are filling out long forms. If the browser crashes before the form has been completed, the data that’s already been entered will be available when the person visits the site later. The creators of the standard specifically warn that browser developers should take steps to ensure websites can’t abuse the feature by writing unlimited amounts of data. [arstechnica]
The next rick-roll? Possibly. Firefox has already patched the bug and the others should follow suit soon. It’s slightly worrying thinking about what this exploit could have been used for…