Crash a Browser with a Script – Fork Bombing Explained


Fork bombing is similar to causing a memory leak with a script recursively calling itself––instead of doing recursive operations, you make copies of (fork) the process every iteration until you exhaust the system’s memory, causing a Denial of Service attack.

The infamous :(){ :|: & };: bash script is an example of a fork bomb on Linux machines.

Disclaimer: Don’t try it on your primary machine. You will suffer! Use a VM or a sandbox computer to do all this.

Crash a browser with JavaScript

Browsers are vulnerable to DoS in a lot of ways. You can write a simple script that recursively creates a pop-up box or create DOM elements until it eventually consumes all the memory and crashes.

while (true) { alert("hello evil world!"); }

Modern browsers have preventive measures for erratic scripts like this and offer you the option to terminate them. But if you are serious about forcing a memory leak in your browser (and eventually your system) you can flood your history using the `history.pushState` API in a recursive loop and watch your system sputter out and writhe in pain. Or, you can recursively spawn processes the same way to create a fork bomb.

Force a memory leak on windows with a fork bomb

Like the :(){ :|: & };: on bash, you can (don’t!) use %0|%0 in a batch file and execute it. This will recursively call the process and cause a kernel hang with no options to access the task manager.

This post was first published on August 7, 2014.


Karthikeyan KC

Aeronautical engineer, dev, science fiction author, gamer, and an explorer. I am the creator of Geekswipe. I love writing about physics, aerospace, astronomy, and python. I created Swyde. Currently working on Arclind Mindspace.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 Responses

  1. Did not know I can do this on Windows! Thanks.