If you use Google Chrome, you’ll want to watch out for this bug: According to VentureBeat, a specific character string of text could bring your browser crashing to the ground.
Advertisement
Hovering your cursor over the link will crash your Chrome tab as well, along with every other tab like it. Try it yourself by opening Atteka’s blog post or the Chromium report in a few tabs and putting your cursor over the example link provided.
There’s a bug in the Chromium engine which allows anyone to crash the browser by typing in a small piece of code at the end of the page’s URL.
According to the Atteka, by accessing a site in the form of “http://websitename.com/%%30%30” will immediately crash the user’s browser. The latest, identified by Andris Atteka and reported on VentureBeat, is that Chrome can be made to crash with a simple 16-character URL. Removing 10 characters from Atteka’s link and keeping just http://b/%%30%30 does the trick as well, and to a greater extent.
Although Google runs a bug bounty program, the company is not paying out in this instance because it is not seen as a security problem – although it is certainly an issue that is slightly irritating and open to exploitation. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code.
Advertisement
The issue appears to affect Chrome for Windows, Chrome for Mac, and Chrome for Linux, but not Chrome for Android. “Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such”. The mobile version of Chrome, meanwhile, seems to be unaffected, as it doesn’t crash with either of the two URL string examples.
