A single sixteen-character string can crash your Google Chrome browser in an instant. If you don’t want that to happen, do not type it in, click it, copy it or even hover over it with your mouse.
A bug has been found in the Google Chrome browser that can crash it instantly. A simple sixteen-character string, when processed by the browser, freezes it and pops up a Windows error message saying that the program has stopped working. After that, Chrome informs you that it has crashed.
What Is This Code About?
The code in question is “https:// a /%%30%30”, but it has to be written without the spaces to be live-linked. It works on both the PC and Mac versions of the program without a hitch. Apparently the Opera browser, which is based on Chromium, also crashes in the same way. The software engineer and security researcher Andris Atteka drew attention to this problem in one of his blog posts. He also mentioned that there was a similar bug found in Skype just a few months ago, where typing the simple string “https://:” into a chat message caused an inevitable crash.
What is really interesting, though, is that the mobile version of the Chrome browser does not seem to be affected. Other browsers also remain stable when the same code is tested on them.
What Happens Inside Chrome?
Google has planted hidden gems such as games inside its products, but this defect was obviously not intentional. The string above is converted so that the web address contains a NULL character at its end. The browser’s code is written in such a way that the sixteen-character string is then treated as an invalid URL. That URL is checked a few times by the browser, and when it is still invalid in the final check, which is an unexpected result, the software crashes.
When you hover over the link with the mouse, the invalid web address is sent to another part of the browser that expects only valid ones, which again results in a crash. This bug triggers a fatal exception, also known as a SIGTRAP. Usually, SIGTRAP terminates a process that reaches a fatal exception, but when the process is being debugged, the debugger is notified of the signal and handles it, mostly by allowing you to inspect the state of the process before continuing its execution.
Google has stated that the bug is not a security threat but just a debug error. On the Chromium project’s developer pages the issue is listed as “#533361: GURL re-canonicalization unescapes a second time, can invalidate previously-valid URL”. You can read further comments about it there. You can also help Google improve the security of Chromium by reporting security bugs on that site.
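The double unescape named in the issue title can be reproduced outside the browser. The Python sketch below is an added example, not code from Chromium or from the original article; the host example.test, the function names and the lenient decoder are assumptions made for illustration. It shows the article's path taking a different form on each decoding pass and flags any input that a second pass still changes.

```python
import re

# Lenient single-pass percent-decoder (illustrative, not Chromium's GURL):
# valid %XX escapes are decoded, a stray '%' is left untouched.
_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def decode_once(text):
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def decode_layers(text, max_passes=5):
    """Return every form the string takes under repeated decoding."""
    forms = [text]
    for _ in range(max_passes):
        nxt = decode_once(forms[-1])
        if nxt == forms[-1]:
            break  # fixed point: nothing left to unescape
        forms.append(nxt)
    return forms


def audit_url(url):
    """Flag inputs whose meaning depends on how often they are unescaped."""
    forms = decode_layers(url)
    final = forms[-1]
    return {
        "passes": len(forms) - 1,
        # True when a second pass still changed the string
        "nested_escape": len(forms) > 2,
        "control_char": any(ord(c) < 0x20 or ord(c) == 0x7F for c in final),
        "forms": forms,
    }


# Constructed samples; example.test is a placeholder host. The first path
# is the one quoted in the article.
SAMPLES = [
    "https://example.test/%%30%30",  # "%00" after one pass, NUL after two
    "https://example.test/%2520",    # double-encoded space
    "https://example.test/a%20b",    # ordinary single escape
    "https://example.test/plain",    # nothing to decode
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = audit_url(s)
        print(repr(s), r["passes"], r["nested_escape"], r["control_char"])
```

A validator that accepts the one-pass form but hands the string to a component that decodes again is checking a different URL from the one that gets used, which is why inputs with `nested_escape` set deserve rejection or a single canonicalization point.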
Is Your Browser Safe?
Browsers are often targeted and exploited by unwanted software. To make sure that your browser, be it Chrome, Firefox, Explorer, or Safari, is running flawlessly, you may want to perform a full system scan via AV software of your choice.