HTML5 browser exploit can flood your Hard Drive with junk data

Feross Aboukhadijeh, a 22-year-old Web developer from Stanford, has discovered an HTML5 browser exploit that can flood your hard drive with cats and dogs, i.e. junk data.
Many times a website needs to leave a little data (5-10 KB) on your
computer, like a cookie, but HTML5 allows sites to store larger amounts of
data (such as 5-10 MB). In a proof of concept, he was able to fill up 1 GB
of HDD space every 16 seconds.
He created FillDisk.com to demonstrate the exploit in HTML5. Once a user visits the website, the Web Storage
standard allows the site to place large amounts of data on the user's drive.
Please note that it's not a hack, and this exploit won't allow attackers
to access your computer.
However, Web browsers have the ability to limit how much space
websites can dump onto your hard drive. Firefox's implementation of
HTML5 local storage is not vulnerable to this exploit, whereas Chrome,
Safari (iOS and desktop), and IE are vulnerable to it.
You can find the source code here. Feross has already logged the bug for Chrome and Safari, so the problem there should be fixed soon.