The Hacker News Logo
Subscribe to Newsletter

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

google-chrome-crash
Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly.

Yes, you can crash the latest version of Chrome browser with just a simple tiny URL.

To do this, all you need to do is follow one of these tricks:
  • Type a 16-character link and hit enter
  • Click on a 16-character link
  • Just put your cursor on a 16-character link
Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome.

All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser.

The issue was discovered by security researcher Andris Atteka, who explained in his blog post that just by adding a NULL char in the URL string could crash Chrome instantly.

Atteka was able to crash the browser with a 26 character long string, which is given below:

WARNING: Don't Click or even Point your cursor to the following Link otherwise it will crash your tab or even your whole Chrome browser.
However, VentureBeat managed to crash the browser with even fewer characters — only 16 Characters in total (given below).

What's actually Happening?


According to the researcher, this Chrome crash Bug actually is a "DOS vulnerability" and not a security flaw. Still, this bug has potential to make you lose all your open tabs and windows on Chrome browser.

Here's the technical explanation given by Atteka:
"It seems to be crashing in some very old code. In the Debug build, it is hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it is hitting a CHECK in the Release build, I do not think this is actually a security bug, but I am going to leave it as such."
The issue appears to be small but is actually serious, as it is possible for any of your friends to tweet out the link in question, and crash all Chrome users whose Twitter timeline will load that link.

In an attempt to bother you, your friends could even send this link in emails or messages.

In June, Skype was plagued by a similar bug that caused a crash from a simple text string: "http://:". These 8-character string caused Skype to instantly crash on the recipient's system, without even displaying the message.

Atteka reported this latest Chrome crash bug to Google but didn’t receive any bounty from the company, as the bug is not really a security threat.

Google has yet to release a patch for this latest Chrome crash bug.

The bug affects all versions of the browser including Google Chrome 45, which is the current stable version of the browser, and crashes both Windows as well as Mac OS X versions of the browser.

Meanwhile, the mobile version of Chrome seems to be unaffected by this Chrome Crash Bug.

Update: The Hacker News readers have experienced that the Chrome Crash Bug also works on the mobile version of Chrome browser when a user tries to copy the malformed link in question.

I also checked the Chrome crash bug on my One Plus One handset and found that long tapping on the malformed link crashes Chrome tab on mobile version of Chrome as well.
SHARE
Comments
Latest Stories
Top Deals

Always First — Subscribe

Over 500,000 Information Security professional read and trust our news platform. Join them and get all latest hacking news, free eBooks delivered to your inbox - free!