This repository demonstrates that browsers will download huge favicon and touch-icon files to the point that they crash and/or bring the computer to a halt, all in the background with no indication to the user (no spinner) that any form of download or networking is happening.
I originally tested this with Chrome. People have pointed out that Firefox and Safari do this too; IE does not appear to be affected.
- Chrome bug 500639
- Firefox bug 1174811 (fixed)
This is what it looks like before crashing on my computer (currently testing on a travel laptop with 4 GB RAM):
Inspired by a tweet by a_de_pasquale.
- Install io.js (NodeJS works too)
- Run: `node exploit.js`
- Test your browser by visiting http://localhost:3000 (or, if you have `process.env.PORT` set, that port)

- Install io.js (NodeJS works too)
- Run: `node exploit-ios.js`
- Test on iOS by visiting http://ip-of-computer:3000 and tapping on the share icon (or, if you have `process.env.PORT` set, that port)
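
The behaviour described at the top of this README comes down to a client reading an icon response with no size bound. The following is an added example, not code from this repository and not a description of how any browser fixed the bug: a Node client that caps an icon download both by the declared `Content-Length` and by the bytes actually streamed. The function names and the 1 MiB limit are assumptions chosen for illustration.

```javascript
// Added example: names and the 1 MiB limit are assumptions, not from the repository.
const MAX_ICON_BYTES = 1024 * 1024;

// Header check: reject early when the server declares an oversized body.
// A missing Content-Length passes (chunked responses have none); a non-numeric
// one is rejected. The streaming cap below still bounds whatever passes here.
function declaredSizeOk(raw, maxBytes) {
  if (raw === null || raw === undefined) return true;
  const n = Number(raw);
  return Number.isInteger(n) && n >= 0 && n <= maxBytes;
}

// Running byte counter fed with each body chunk; accept() turns false once
// the total passes the cap, whatever the headers claimed.
function createByteCap(maxBytes) {
  let seen = 0;
  return {
    accept(chunk) {
      seen += chunk.length;
      return seen <= maxBytes;
    },
    get seen() { return seen; },
  };
}

// Fetch an icon with both checks, aborting the transfer on the first failure.
// Uses the global fetch available in Node 18+.
async function fetchIconCapped(url, maxBytes = MAX_ICON_BYTES) {
  const controller = new AbortController();
  const res = await fetch(url, { signal: controller.signal });
  if (!declaredSizeOk(res.headers.get('content-length'), maxBytes)) {
    controller.abort();
    throw new Error('icon rejected: declared size over cap');
  }
  if (!res.body) return Buffer.alloc(0); // response carried no body
  const cap = createByteCap(maxBytes);
  const chunks = [];
  for await (const chunk of res.body) {
    if (!cap.accept(chunk)) {
      controller.abort(); // stop downloading instead of buffering further
      throw new Error('icon rejected: body exceeded cap');
    }
    chunks.push(chunk);
  }
  return Buffer.concat(chunks);
}
```

The header check alone is not enough, since a response can omit `Content-Length` entirely; the streamed count is what actually bounds memory use.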