Security Watch: Chrome’s Loops And Holes
The Problem
Google Chrome, the newborn browser, hits a roadblock when it tries to handle the JavaScript event handlers onbeforeunload and onunload.
This bug seems to affect Chrome users running versions 0.2.149.xx on Windows XP-based computers. Chrome hangs when a handler attached to onbeforeunload or onunload gets into an infinite loop.
This means troublemakers can use such code to start a loop from a simple page. In the example shown by Aditya K Sood, the following code in a page gets Google Chrome hung up.
<body onbeforeunload="for ( var chrome_t = 0; chrome_t < 999999; chrome_t ) { alert('I think we’re bugging Chrome'); }return false;">
Initially, the CPU utilisation shoots up, and slows Chrome to a crawl. Then, Google Chrome refuses to close and has to be forcibly shut using the Windows task manager.
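As a defensive illustration added here (not code from the advisory, Aditya K Sood or Google), the following Node.js sketch flags inline onbeforeunload and onunload attributes that contain a loop or a dialog call, the combination used in the page above. The function name, regular expressions and sample pages are assumptions constructed for the example, and the check is a heuristic that only sees inline attributes, not handlers assigned from script.

```javascript
// Added example: heuristic static check for inline unload handlers.
// Event names come from the article; everything else is an assumption.
const UNLOAD_ATTR =
  /\bon(beforeunload|unload)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
const LOOP = /\b(for|while)\s*\(|\bdo\s*\{/;       // loop constructs
const DIALOG = /\b(alert|confirm|prompt)\s*\(/;    // blocking dialogs

// Returns one finding per inline unload handler that loops or opens a dialog.
function findRiskyUnloadHandlers(html) {
  const findings = [];
  for (const m of html.matchAll(UNLOAD_ATTR)) {
    const body = m[2] || m[3] || m[4] || "";
    const reasons = [];
    if (LOOP.test(body)) reasons.push("loop");
    if (DIALOG.test(body)) reasons.push("dialog");
    if (reasons.length > 0) {
      findings.push({ event: "on" + m[1].toLowerCase(), reasons });
    }
  }
  return findings;
}

// Constructed sample pages (not captured from any real site).
const SAMPLES = {
  // Same shape as the handler in the article: a loop that raises dialogs.
  hang: `<body onbeforeunload="for (var i = 0; i < 999999; i++) { alert('still here'); } return false;">`,
  // Ordinary "unsaved changes" prompt: no loop, no explicit dialog call.
  benign: `<body onbeforeunload="return 'You have unsaved changes';">`,
  // Busy loop on unload without any dialog.
  spin: `<BODY onUnload='while (true) { }'>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(findRiskyUnloadHandlers(html)));
}
```

A page that triggers both reasons on the same handler matches the pattern described here and is worth reviewing before it is allowed through a content filter or code review.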
The Solution
Google has apparently acknowledged the problem, and a fix is expected anytime soon.
Google has an auto-updater utility that runs alongside Google Chrome and keeps the browser up-to-date. When the fix is available, it will be automatically downloaded and applied. When you read this, try the code, and if it doesn’t affect Chrome, you know it’s been patched.