"Watch out for this new URL that will crash your iPhone and Mac Safari if you click it"
http://9to5mac.com/2016/01/25/safari-mac-iphone-ipad-crash/
oh shit. works on my ipad, iphone, and mac.
step up your game, apple.
>>52624975
http://crashsafari.com/
>>52624975
iPhone and Mac affected. Latest OSes on both. At least you can kill the process on the Mac. iOS crashes to the home screen.
>>52624975
> posted from aids infected Windows 10® computer
>>52624975
This also crashes Chrome on Windows and Android
Crashes Chrome
someone on 9to5mac says it crashes firefox as well.
can anyone confirm?
This crashes Chrome on Windows, Firefox freezes for 20 seconds or so and then resumes but doesn't crash, Edge Freezes for 5 seconds and then resumes.
Edge Strong.
>>52625231
what sorcery is this?
it crashed chromium 48 in my gnu plus linux arch install
>>52625394
see: >>52625307
That's what happens when people uses a weak typing language like crapscript.
>YFW it's a bitcoin miner
My 64 GB of RAM got used instantly
>YFW It deleted every content of data on my Nexus 6P
WTF Google?!
>>52625394
it's a sign. start using edge under the superior windows 10.
>>52625307
It didn't crash ChromeDev on my phone. The tab became unresponsive so I just closed it.
Based Chrome sandboxing...
>>52625394
That's not actually the url in the story. Appears to be a malicious web attack page.
>>52625425
Oh rly, a badly/maliciously written page made your browser crash? You might want to remember what happened with the heartbleed exploit which was caused by using C in the SSL algorithms. All caused by C failure to have boundary checks before a memcpy call.
>>52625801
Si!
>>52624975
Crashed Vivaldi and couldn't open it.
Restarted my computer then got a bluescreen.
>>52625360
This didn't crash Chrome on Win 8.1.
I do have 16GB of RAM, so that might have helped. The tab just became unresponsive and I closed it. Didn't even have to close Chrome, just closed the tab.
But you could get similar results if you just wrote a simple array sorting algorithm with thousands of random numbers. Nothing unusual. If you write shit code, this can happen.
>>52624975
Hosed Firefox for a good couple of minutes. Got the "stop unresponsive script" prompt though, stopped it, and all was well.
>>52626206
Same, but just for ten seconds or so.
<script>
var total = "";
for( var i = 0; i < 100000; i++ ) {
total = total + i.toString();
history.pushState(0,0, total );
}
</script>
What does it mean?
why can't iphone handle 2 tabs of safari
>>52626267
check your history
>>52626345
holy shit
>>52626345
Still there.
I'm on IE though, didn't crash.
feels like this shouldn't happen in 2016.
>>52626371
>I'm on IE though, didn't crash.
Wow! Better let MS know so they can patch that in the next release.
>>52626431
Why not go further beyond.
Firefox, Chrome, Safari on Suicide watch.
if your browser crashed, it means it can be exploited and you should stop using that browser.
>>52626508
back to Netscape.
>>52625360
>Edge Freezes for 5 seconds and then resumes.
Confirmed.
B A S E D G E
A
S
E
D
G
E
Chrome on OSX handles it pretty well. It just slowed down all my other tabs until I closed crashsafari.com
>>52626508
exploit implies some kind of risk
this is just something the devs overlooked
just tried it in chrome on windows, it actually just makes the main browser process eat ram extremely fast (it was at 2gb after a few seconds before I closed it)
>>52626662
>exploit implies some kind of risk
yes, that is exactly what i am telling you. if your browser can be crashed by a website, you are at risk of being exploited. are you new to technology or what?
>>52626662
No one is saying that this particular website is spreading malware, but any other website could use this exploit to infect your machine. If your browser crashed and you care about security, you should use another browser for now.
>>52626678
>>52626713
>I don't know the difference between a simple trick that causes a browser to use too much ram and an actual security risk
/g/ everyone
>>52626732
chrome user detected. enjoy your insecure browser
>>52626732
It's called buffer overflow, you retarded dullard.
>>52626508
If you have Chrome and it crashed it means you don't have much RAM. With 16GB Chrome doesn't crash on that page.
>>52626836
seems microsoft office has hit new levels of the flat design meme.
if that can be called design (^:
>>52626804
>buffer overflow
>Javascript
>no pointers, no raw arrays, everything is a managed object
Is this the technology board? Do you know what a buffer overflow is?
>>52626836
>crashsafari.com
literally, what were you expecting?
>>52626945
It's just JS.
>>52626973
oh. sorry m8.
>>52624975
crashed palemoon
clearly this isn't just an apple thing
>>52624975
>applel can't even handle poorly coded javascript
>>52626804
Oh boy this better be b8... Explain what a buffer overflow is sir?
>>52626804
>It's called buffer overflow, you retarded dullard.
>>52626713
>No one is saying that this particular website is spreading malware, but any other website could use this exploit to infect your machine. If your browser crashed and you care about security, you should use another browser for now.
>>52626678
>>yes, that is exactly what i am telling you. if your browser can be crashed by a website, you are at risk of being exploited. are you new to technology or what?
What the fuck, dude. Hand over your /g/ licence, now. Go to /v/ with other faggots.
As of yet there's no proof of concept written how this could be exploited. I'm not worried.
>>52626119
Then how did you post this?
This is the most stupid thing ever. Know what the script is?var total = "";
for( var i = 0; i < 100000; i++ ) {
total = total + i.toString();
}
This crashes a browser? Color me surprised.
/g/, this is a new fucking low, even for this shitty consumer board. None of you even looked at the source, you just leaped right to "hurr durr apple a shit". fwiw, it doesn't even crash on firefox, it detects that the script is basically hanging, and gives you the option to kill the script.
>>52627695
There is no proof of concept because it is not even an exploit, it's just shittily coded js.
>>52624975
Huh, this might be the only time edge doesn't hang up and freeze for a bit on a random site.
>>52627784
he didn't, because he's a lying retard, hoping to get cool points on the internet. A userspace program running out of memory and crashing will never cause a bluescreen, even on windows.
It crashed Firefox for me.
>>52627860
it didn't, it temporarily froze it. If you wait a bit (depends on the speed of your pc) firefox will detect that the script is hogging cpu and freezing the program, pause it, and give you the option to either kill it or let it continue.
>>52627791
Your firefox menu looks nasty desu.
>>52624975
To be fair to the apple cucks, that pretty much crashes everything...
>>52624975
>having javascript enabled
you literally asked for it.
op is a fucking click baiting retard
>>52625231
wew
>mfw i visited the link in 64bit firefox 42 and it stopped responding and got to 7GB memory usage before telling me the script was being a faggot and do you want to stop it
Phew lad.
>The History API is what allows modern websites to change the URL of the page without causing a refresh
I HATE THIS.
I HATE WEB PAGES THAT LOAD WITHIN THEMSELVES.
AND IT TURNED OUT TO BE A SHITTY IMPLEMENTATION THAT WAS OPEN TO ABUSE.
>>52629337
10 new ad impressions disguised as clever content! You won't believe #1!
>using a Webshit browser
>ever
>tfw trident master race
My Firefox even stopped responding trying to delete all the new history entries it made for today.
What a piece of shit.
QR code, in case you want to paste it somewhere.
>>52626804
>allocating too much RAM is a buffer overflow
>>52627789
/thread
>>52629501
Why would you end the thread with him? The guy is a retard who missed the most important line from the loop, the history push that was causing 100,000 entries for the page to get placed into the browser history which is why it causes browsers to shit themselves.
I bet that guy hasn't even tried to delete the entries from his Firefox history yet.
>>52629534
Folder blasters aren't exploits, you know.
They just fuck your shit up, that's all.
>>52629561
I'd count this as an exploit. There's no reason why the browser should even allow pages to push history, especially when they're going to store each one into memory individually.
This was an incident waiting to happen.
>>52629596
It's not an exploit, it just fucks up your RAM, memory, and day.
Exploits compromise system or information security, this is just a prank-tier loophole in the browser history API.
>>52629445
:^)
>>52629445
who scans QR-codes though.
>>52629626
topkek
>>52629626
welp
>>52629534
I opened it in history, selected them all and hit delete. Took a few moments, but it's all gone now. Was pretty easy desu.
>>52624975
KUKED
>zozzle
>>52628732
>abp
It's also crashing Chrome.
>>52631059
Not on my PC. It just freezes one tab, then I can close it like 10 seconds after.
Must be your ram.
>>52624975
My sufferi just freezes
Must be some shitty website
>>52631313
Checked
didn't do shit to edge on windows mobile 10
PC master race even in cellphones
>>52631358
>PC master
>>>/r/pcmasterrace
>>52625307
Nah it just hung on my phone and I closed the app. This isn't some shit tier iOS garbage.
>>52625307
So it's not another bad URL, it's the page then?
So what they're saying is badly sandboxed browsers crash?
>>52626569
>>52626836
>>52627336
>>52627791
>>52628816
>>52631313
>>52631358
>There are people who fell for this clickbait
This happened when I tried it on WebKit r195510
My test on all major browsers running on Windows:
Firefox (latest) - browser freezes, after a while it displays the page text and asks me whether I want to debug/stop/continue running the unresponsive script. After a while, I can open another tab and close the freezing one. It's only using maximum 4.7GB RAM, not much CPU. Most of the freezing seems to be from disk writes actually (95% disk activity). Could be from Windows swapshit or something I thought I disabled once, but I think it backfired somewhere else, so I enabled it back.
IE 11 - browser freezes for a while then it displays the text. No surge in any PC resources.
Opera 34 - surge in CPU usage, later in disk usage too. It can't launch any other tab while having one frozen, no proper sandboxing. Eventually it crashes.
Chrome (latest) - high CPU usage when page launches, RAM usage stays below 5-6GB, after a while it crashes. In other tests it didn't crash. It seems that this depends on other factors. On a 2nd test, if you click to create a new tab and to close the freezing tab after some time, the browser doesn't crash anymore. Yeah so, moral of the story, if you see freezing tabs, just close them and you don't even have to restart the browser. Then, again, even if it crashes, you get the option to restore all your tabs.
Someone give me the tl;dr please.
https://developer.mozilla.org/en-US/docs/Web/API/History_API#The_pushState%28%29_method
Can websites cause history entries without you going from site to site?
>>52631714
I see, Mr. Elliot Wood.
>>52631871
That's a single name
>>52631914
Or maybe that's what I set my username to.
It doesn't have to be my actual name.
>>52631914
That's the username, which doesn't allow spaces.
>>52631845
tl;dr: yes. Have you ever ended up trapped on a site that didn't take you to the previous one when you hit the back button? That's why.
Damn, it froze my chinkphone too.
>>52632131
oh, that..
What exactly causes that?
It always feels like the link you originally clicked led to a redirect to the page you wanted, and you "back" into the redirect
>javascript having to your files
Retard
>>52624975
It crashes Safari on iOS by filling the RAM with history data.
It also locks up most other browsers but doesn't crash them. Safari on OSX locks up the tab, uses insane amounts of RAM (though less than Chrome) and a lot of CPU. Other tabs remain unaffected.
>>52626267
Basically adds a "history" entry for every number 1-100000 in a loop, like so:
crashsafari.com/ (starting)
crashsafari.com/1 (first history)
crashsafari.com/12 (second history)
crashsafari.com/123 ...
...
crashsafari.com/...9999899999100000
You probably will not reach that last state, but if you do, the browser will have a few gigabytes of history data in memory.
>>52632397
and it's worth noting that the author of the javascript could've used a much larger number if he wanted to, causing even more memory usage.
>>52624975
>deliberately cause program to use too much ram
>run out of ram
>OS kills it because it needs ram to keep working
>$program sucks guys, haha
539347 Join this kahoot
>>52631714
>memory pressure
wut?
>>52624975
>loadiong 10k pages with random urls on that domain
>firefox warns me after a few seconds
>stop the script
>nothing more happens
this is what happens when i've disabled noscript
>sjware doesnt have this problem
>>52632752
>>52627789
pretty much this, ya people are all retarded
>>52632773
Hey Steve, how is that detoxing diet working for you?
>>52631714
>App Memory
The Cancer.
>>52631714
steam steam lol
>>52632661
It actually seems to use more CPU than RAM. And in Firefox, it weirdly seems to cause high disk usage.
You should test with a resource monitor program side by side.
Someone post that guy in the room full of Apple things already please
>>52632891
>And in Firefox, it weirdly seems to cause high disk usage.
Probably the OS swapping memory to disk.
memory consumption slowed down at 14GB
Just visited it on a 5+ year old laptop with lmint and I just closed the tab.
Macfags truly have nothing beyond aesthetics.
>>52626804
keksimus maximus
>>52625456
>I don't know anything about anything
fuck off
Tried it on Firefox on Linux. It did make the browser unresponsive and asked me to force quit, but waiting for a bit longer threw up a 'script stopped responding' message after which I could stop the script and close the tab. Then it took a minute or to for Firefox to recover, but now it's back to working normally.
Fuck you, my ChromeBook froze for minutes and just crashed.
>>52633981
buy a mac. it just works.
>>52627886
Same here, in nightly it froze for a little, then asked me if I wanted to stop that script and everything was good after that
>>52631313
is that kirino from a doujin? looks damn familiar.
>>52629337
>history api
>insecure
It even tells you if you try using it, man.
>>52635067
are you sure that error is not due to some other reason?
>>52624975
Saved
If anyone opened that url, check your browsing history.
Just clear the last hour of history
>>52624975
>when bitdefender doesn't let you have fun
>>52636755
just turn it off
>>52637027
but I'm scared anon. Hold me
>>52624975
Nothing Happened!
>>52625231
Opera 12 handles it fine.
>4 years later, presto is still the best rendering engine.
>mfw closed the tab in nightly as soon as I opened it and it kept running into the background until it hogged all my ram and I had to kill the task.
>>52625231
Crashed chrome on my s5
>>52624975
Apple's finally caught up with the CrashIE thing that was all the rage 10 years ago.
