Agreed, and I am surprised by the complete lack of throttling or resource quotas that would allow this.
Typically niche-use-case and high-performance APIs that aren’t hidden behind experimental flags require user permission by default, a practice solidified by mitigations of other exploits like mining, fingerprinting, etc. To find one open and apparently so unregulated by default is unusual, if true.
Either way, I suspect any user vulnerable to this exploit is likely already exposed to much worse via similarly unsophisticated attacks.