This Simple string of characters can crash your Google Chrome browser

Security researcher Andris atteka has found a new crash bug in Google Chrome. He discovered that by adding a NULL char in the URL string, one can easily crash Google chrome browser.

The victim just needs to open the URl in Chrome or hover over it while inside chrome. Yes you don’t even have to click the malformed URL to cause the crash, putting the cursor on the link is enough to crash your Chrome. Originally the researcher was able to crash the browser with a 26 character long string. However, researchers at VentureBeat managed to crash the browser with even fewer characters (16 Characters).

Browser crashing string script

Given below are the URL strings that can crash your Chrome browser:

WARNING! Don’t Click or point your cursor on the following Links.

Andris atteka’s 26 Characters URL string:
http://biome3d.com/%%30%30

Venturebeat’s 16 Characters URL string:
http://a/%%30%30

According to Atteka this crash bug is actually not a security threat but rather it is deemed to be only a DOS vulnerability and according to him the above string of characters seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code.

Atteka has already reported this issue to Google (Chromium issue) and Google has yet to release a patch for this.

  • SHARE