Did you know a webpage could fill your hard drive with junk data, unbeknownst to you? It’s true: FillDisk.com can do just that, and until web browsers fix the problem, more malicious websites might be able to do it too. Web developer Feross Aboukhadijeh set up FillDisk as a proof of concept to demonstrate a nasty exploit in HTML5: with a simple trick, the Web Storage standard allows any website to place large amounts of data on your drive. It’s not technically a hack and won’t allow attackers to access your computer, but running out of space still has the potential to be annoying.
HTML5 browser exploit could let pranksters fill up your hard drive
is a senior editor and founding member of The Verge who covers gadgets, games, and toys. He spent 15 years editing the likes of CNET, Gizmodo, and Engadget.
Interestingly, the W3C standards body actually anticipated this particular trick, suggesting that web browsers limit how much space is available to a website, or prompt the user before allowing a site to monopolize more than five megabytes at a time. However, while Mozilla Firefox behaves well, the author says Google Chrome, Microsoft Internet Explorer, Apple Safari, and Opera have no storage limit to keep pranksters from misbehaving. We tried FillDisk.com for ourselves on a Windows 8 machine with updated browsers, and sure enough, our drive started filling immediately. Chrome, however, didn’t last long before crashing completely, an issue that the team is now aware of. Let’s hope these browser vendors make haste in patching the exploit.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
Most Popular
Most Popular
