HTML5 localStorage exploit at Chrome, Safari, Opera & IE


html5-local-storageCurrent versions of Chrome, Safari, Opera and IE they implement HTML5 localStorage quite unsophisticated, ignoring the affiliated sites (and subdomains) storage limit as provided by the specification. So, by setup perpetually subdomains exploiting this weakness, and with some tricky code, a site can fill up completely the user’s hard disk space.

Feross.org, create proof-of-concept web site, the FillDisk.com and make the code they used available at the GitHub, also with submitting bug reports to all exploitable browsers dev teams.

This exploit can affect systems with Chrome 25, Safari 6, Opera 12 & IE 10 and prior versions of these browsers with localStorage feature.

The only bullet-proof major browser is the Firefox, because of smarter and more in line with the standards implementation, of the localStorage feature.