Security Watch: Chrome’s Loops And holes

Updated on 26-Mar-2009

The Problem

Google Chrome, the new born browser hits a roadblock when it tries to handle the Javascripts methods onbeforeload and onunload.

 

This bug seems to affect Chrome users running versions 0.2.149.xx on Windows XP-based computers. The bug messes up Chrome when it gets into an infinite loop with the commands onbeforeload and onunload.

 

This means trouble makers can implement this code to initiate a loop in a simple page. In the example shown by Aditya K Sood, the following code in a page gets Google Chrome hung up.

 

<body onbeforeunload=”for ( var chrome_t = 0; chrome_t < 999999; chrome_t ) { alert(‘I think we’re bugging Chrome’); }return false;”>

Initially, the CPU utilisation shoots up, and slows Chrome to a crawl. Then, Google Chrome refuses to close and has to be forcibly shut using the Windows task manager.

 

The Solution

Google has apparently acknowledged the problem, and a fix expected anytime soon.

Google has an auto-updater utility that runs alongside Google Chrome that keeps the browser up-to-date. When the fix is available, it will be automatically downloaded and patched. When you read this, try the code, and if it doesn’t affect Chrome, you know it’s been patched.

 

Team Digit

Team Digit is made up of some of the most experienced and geekiest technology editors in India!

Connect On :