There is a single sixteen string code that can successfully crash your Google Chrome browser in an instant. If you don’t want that to happen – do not type it in, click it, copy it or even hover over it with your mouse.
A bug has been found in the Google Chrome browser, which can crash it instantly. It is a simple sixteen string code, that when executed, just freezes the browser and pops-up a Windows error message that the program has stopped working. After that, the Chrome browser informs you that it has crashed.
What is This Code about?
The code in question is “https:// a /%%30%30“, but it has to be written without the spaces to be live-linked. It works on both PC and MAC versions of the program without a hitch. Apparently the Opera browser based on Chromium also crashes in the same way. The software engineer and security researcher Andris Atteka drew the attention to this problem in one of his blog posts. He also mentioned that was a similar bug found in Skype just a few months ago, where you type in a chat message the simple string code “https://:” and an inevitable crash occurs.
What is really interesting though is the fact that the mobile version of the Chrome browser does not seem to be affected. Also, other browsers are working stable when the same code is tested on them.
What Happens Inside Chrome?
Google has planted hidden gems such as games inside their products, but this defect was obviously not their intention. The above-written code converts so that it contains a NULL character at the end of the web address. The browser’s code is written in such a way that when the sixteen-character string is written, it is treated as an invalid URL. That URL is then checked a few times by the browser and when it remains invalid in the final check, which is an unexpected result, which in turn crashes the software.
When hovering with the mouse over the link, the invalid web address is sent to another part of the browser, which expects only valid ones which again results in a crash. This bug triggers a fatal exception also known as a SIGTRAP. Usually, SIGTRAP would terminate a process which reaches a fatal exception, but due to the fact that it is being debugged, the debugger will be notified of the signal and handle it, mostly by allowing you to inspect the condition of the process before continuing an execution of it.
Google has stated that the bug is not a security threat but just a debug error. On the Chromium project’s developer pages the issue arises as #533361: GURL re-canonicalization unescapes a second time, can invalidate previously-valid URL”. You can read further comments about it on there. You can also help Google to improve the security of Chromium by reporting security bugs on that site.
Is Your Browser Safe?
Browsers are often targeted and exploited by unwanted software. To make sure that your browser, be it Chrome, Firefox, Explorer, or Safari, is running flawlessly, you may want to perform a full system scan via AV software of your choice.