HTML5 Flaw


A developer has exposed a weakness in the latest version of HTML that lets visited websites download extensive amounts of data to the user’s computer.

The developer who discovered the exploit created a site to demonstrate how the flaw could be used maliciously, by rapidly downloading large amounts of data to the end user’s hard drive without their knowledge. Although no malicious uses of the flaw have been discovered yet, visitors to the demo site had a huge quantity of cat images automatically downloaded to their computers, filling up their memory. The example showed clearly how easily the flaw could be used with negative intent.

Websites written in HTML5 are permitted to store more data locally than those written in previous versions. Browsers can limit this data allowance, with a minimum of 2.5Mb, but the fault in the language meant that websites that linked to associated sites would store data from all of the individual linked sites as well as the original. The download speed was also significant, with up to 1Gb of data being downloaded every 6 seconds. HTML5 developers had written no code to stop this happening.
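
The accounting gap described above, and the corresponding fix, can be modelled in a few lines. This is an added example, not code from the original article or from any browser; it assumes the "associated sites" are hosts under one parent domain, reads the 2.5Mb allowance as 2.5 MiB, and uses hypothetical names (`QuotaLedger`, `byOrigin`, `bySite`, `fillUntilRefused`) and constructed sample hosts.

```javascript
// Added example: a model of storage-quota accounting, not browser source code.
// LIMIT is the article's 2.5Mb allowance, read here as 2.5 MiB (assumption).
const LIMIT = 2.5 * 1024 * 1024;

// Key 1: each origin (scheme + host + port) gets its own allowance.
const byOrigin = (url) => new URL(url).origin;

// Key 2: all hosts under one parent domain share a single allowance.
// Assumption: last two labels stand in for the registrable domain; production
// code should consult the Public Suffix List instead.
const bySite = (url) => new URL(url).hostname.split('.').slice(-2).join('.');

class QuotaLedger {
  constructor(keyFn, limit = LIMIT) {
    this.keyFn = keyFn;
    this.limit = limit;
    this.used = new Map(); // accounting key -> bytes stored
  }

  // Accept the write only if the key's running total stays within the limit.
  write(url, bytes) {
    const key = this.keyFn(url);
    const total = (this.used.get(key) || 0) + bytes;
    if (total > this.limit) return false;
    this.used.set(key, total);
    return true;
  }

  totalBytes() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Each page writes fixed-size chunks until the ledger refuses; returns disk use.
function fillUntilRefused(ledger, urls, chunk = 512 * 1024) {
  for (const url of urls) {
    while (ledger.write(url, chunk)) { /* keep writing */ }
  }
  return ledger.totalBytes();
}

// Constructed sample: 100 associated hosts under one reserved test domain.
const pages = Array.from({ length: 100 }, (_, i) => `http://a${i}.example.test/`);

const perOrigin = fillUntilRefused(new QuotaLedger(byOrigin), pages);
const perSite = fillUntilRefused(new QuotaLedger(bySite), pages);
console.log({ perOriginMiB: perOrigin / 2 ** 20, perSiteMiB: perSite / 2 ** 20 });
```

With per-origin accounting the total grows with the number of hosts (250 MiB here), while keying the same ledger by parent site holds it at the single 2.5 MiB allowance.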

The flaw can be active in all the major browsers, including Chrome, Safari and IE.


