A 22-year-old Web developer from Stanford, Feross Aboukhadijeh, has discovered that a slip-up in the implementation of HTML5 in Chrome, Internet Explorer and Safari (Opera has been ruled out) can be exploited to fill a viewer's entire hard drive. He even offers a proof-of-concept of the exploit, and a demonstration page backing up his discovery.
As Feross explains, the HTML5 Web Storage standard "localStorage" was developed to allow sites to store larger amounts of data than was previously allowed by cookies. Before web sites could store 4k of data outside the browser cache, used to store simple data like the state of the previous visit, login info and more. But HTML5 websites are allowed to hoard around 5 to 10 MB of data locally. Given hard drives are jumping into 4 TB capacities, that's still virtually nothing.
