Bug Reported : A Simple String Can Crash Google Chrome

Bug Reported : A Simple String Can Crash Google Chrome

Google Has Rewarded Over $6 Million To Security Researchers Since 2010 For Finding Flaws
Google introduced ‘Project Bloks’ to teach kids how to code
With Google’s New Compression Algorithm Chrome is Going to Get a Lot Faster

Recently a new bug has been found in [p2p type=”post_tag” value=”chrome” attributes=”target=’_blank'”]Google Chrome[/p2p] browser, that Typing in a 16 character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google Chrome.

The bug was reported by Andris Atteka who explained on his blog that all you to do to crash your Chrome is to add a null character in the URL string. And he also put an example in his blog post. His example was 26 characters long url, and you can check it through above link. You can see that Chrome freezes when ever you hover over that particular url. But not only that url, any url with simple strings can crash your chrome badly.

If you like to test, simply enter ” http://x/%%30%30 ” in your chrome address bar and hit Enter.Then either your Chrome tab or the whole Chrome browser will crash.

Crash Google Chrome

Also See: [p2p type=”slug” value=”all-available-google-chrome-shortcuts-list-for-windowsmac-and-linux-users” attributes=”target=’_blank'”]All Available Google Chrome Shortcuts List For Windows,Mac And Linux Users[/p2p]

Atteka reported the bug to Google today. They have given technical explanation for the reason of the bug that,

“It seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such.”

Google Chrome crash is reported in both Windows and MAC paltforms.This isn’t the first time a link was discovered that could crash Chrome. A similar issue was discovered just for Mac in March and another was discovered for all desktop platforms in April. Both were quickly fixed.

Unfortunately Atteka will not receive any reward from Google since this was deemed  to be only a DOS vulnerability.Still, it’s easy to see how the bug could be abused and affect many Chrome users.