Browsers are critical when it comes to securing a computer against potential threats from online entities. That is because browsers, more often than not, are our chief source of accessing the internet and surfing sites. It has now been discovered that any website, using a common HTML5 exploit, can fill up your computer’s hard drive.
The exploit is not new, although the possibility of using it for nefarious purposes is being discussed only now. It essentially makes use of the Web Storage standard that is a part of HTML5. Using this standard, any website can place unlimited amounts of data on the hard drive of a user who visits that site. A demo site, called Fill Disk, demonstrates this phenomenon quite aptly. Once you open the site, it starts loading up your hard drive with data, until you ask it to stop.
Web browsers are capable of blocking any such possibility and limiting the size of data that is transferred by a given site to the user’s hard drive. However, as of this moment, only Mozilla Firefox implements such protection.
Other popular browsers such as Google Chrome, Apple Safari, Internet Explorer or Opera have no checks to ensure that a site doesn’t place huge amounts of data on a computer’s hard disk. While the act, in itself, wouldn’t be a security risk, it still can annoy the user and, if the hard drive has little storage space, can even freeze the computer.
One hopes that now that this exploit has been brought to limelight, other browser vendors will try to patch up this vulnerability in the subsequent versions of their browsers.