I recently wrote about an issue with the “Fraudulent Sites” feature in Safari 3.2 that causes excessive CPU utilization.  I didn’t bother to speculate about the cause in that article.  However, as I was thinking about the issue it occured to me that this was probably a memory leak introduced in the Safari 3.2.2 release.  (the timeframe seems to fit the release schedule) one of the last few releases.  I honestly don’t use Safari that much, certainly not for casual browsing, so I can’t say for sure.  (I just don’t trust anything outside of the Firefox/NoScript combo for that.)  However, the bug is definitely there in 3.2.2 and 3.2.3.  (I just confirmed the bug is present in Safari 3.2.1 on Tiger as well)  If you’ve got a copy of Safari 3.2.0, I’d be interested to see if the bug is there as well.  It’s simple to reproduce:

1. open Safari, go to the preferences menu, click the security tab and check the box next to “Fraudulent Sites”
2. Visit any website and wait.

After a minute or two, your CPU utilization should jump to around 100%.  At this point Safari should still be usable, but will no longer respond to the quit command requiring a force-quit.  Don’t let it run too long in this state as Safari will eventually consume enough resources to lock the system down entirely.

I had stopped using Safari entirely due to this issue, but knowing there’s a workaround is good.  I typically used Safari for remote management of devices where its speed and small memory footprint could be an advantage.  Now that Apple is beta testing Safari 4, I don’t see this issue getting much attention.  If you’re affected by it, just turn off the Fraudulent Sites security feature.  However, I wouldn’t recommend using it as your primary browser in that configuration.