Do you want to crash someone’s Google Chrome just for the heck of it? Here’s how to do it with 16 simple characters.
Due to a bug in Chromium engine, you can crash someone’s Google Chrome browser just by adding a NULL char in the URL string. The bug was discovered by Andris Atteka and he has explained in his blog. He demonstrated the bug using 26 characters length string, but you crash Google Chrome using just 16 characters.
How to crash Google Chrome with these 16 characters? Just copy and paste the following string in your Google Chrome (Chrome 45 or older) address bar, hit Enter and watch your Chrome tab or the whole Chrome browser will crash:
http://b/%%30%30
Be careful, this step will crash your browser instantly!!
The browser crashes even if you hover over the hyperlink given ahead using your mouse pointer: http://b/%%30%30
Why does Chrome browser crash?
“It seems to be crashing in some very
old code. In the Debug build, it’s hitting a DCHECK on an invalid URL
in GURL, deep in some History code. Given that it’s hitting a CHECK in
the Release build, I don’t think this is actually a security bug, but
I’m going to leave it as such.”
In my tests, the code affects both Windows and Mac. The bug also
affects Opera and Vivaldi browsers, as both are build over the Chromium
engine. However, it didn’t affect Chrome for Android.This bug was only a local DoS issue, so Mr. Atteka didn’t get cover into the company’s bug bounty program.
Such bugs have been observed in the past and were quickly fixed.
0 comments:
Post a Comment