These 16 characters crash Google Chrome

The venturebeat.com posted about special characters that can crash your Google Chrome browser (original post found HERE). Have fun crashing your browser now … just copy http://a/%%30%30 and paste that into your browser, wait for it and CRASH. The image above is what you will see. Below is the post from venturebeat.com.

Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link will crash Google’s browser.

The bug was discovered by Andris Atteka, who explained on his blog that you can easily trip up Chrome just by adding a null character in the URL string. His example was 26 characters long, but we have managed to shave off 10 characters to produce an even simpler string that will crash Chrome.

To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar:

http://a/%%30%30

Either your Chrome tab or the whole Chrome browser will crash.chrome_crashAtteka reported the bug to Google today (Chromium issue). Here’s the technical explanation of what’s happening:

It seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such.

Atteka did not receive a bounty from Google because this is not a security threat, per se. Still, it’s easy to see how the bug could be abused to impact many Chrome users.

Hovering your cursor over the link will crash your Chrome tab as well, along with every other tab like it. Try it yourself by opening Atteka’s blog post or the Chromium report in a few tabs and putting your cursor over the example link provided. The only reason the above example doesn’t work is that we purposefully didn’t hyperlink it so that you could read this article in peace.chrome_tab_crashIn our tests, Chrome for Windows and Chrome for Mac are both affected. Interestingly, I couldn’t reproduce this bug in Chrome for Android. No matter where I inserted the null character, the browser refused to crash on my phone.

This isn’t the first time a link has been discovered that could instantly crash Chrome. A similar issue was discovered just for Mac in March and another wasdiscovered for all desktop platforms in April. Both were quickly fixed.

We’ve reached out to Google for more information and will update you if we hear back.

2 thoughts on “These 16 characters crash Google Chrome”

  1. Normally an application crashes because inefficient ram.so it can be avoided by better ram management, so we have to disable all other application that we don’t need at that timelike antivirus that is not needed, can be disabled temporary at that time.

  2. Just copy and paste the following string in your Google Chrome (Chrome 45 or older) address bar, hit Enter and watch your Chrome tab or the whole Chrome browser will crash.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.