Eager to learn how to crash the latest version of the Google Chrome web browser instantly? If yes, then this post is for you. A bug in Google’s Chrome allows you to crash the web browser when clicking on or hovering the mouse cursor over a 16-character text string placed on a web page.
The simple URL bug in the Chromium engine was discovered by Andris Atteka, a security researcher from Latvia, and reported to Google. Placing the null characters, in this case %%30%30 or similar, at the end of the URL causes Google Chrome to choke instantly through a series of attempts to rationalize the web address.
Below are the two forms of the offending URL – we won’t put them in this article as-is because they will crash your opened tab or entire web browser. And that’ll not be nice.
Entering the above string into the address bar and pressing Enter causes either the current Chrome tab or the whole web browser to crash.
What Actually Happens:
- %%300 at the end of the URL is converted into %00 (0x30 is the ASCII code for ‘0’. The %%300 becomes this string of characters: the original ‘%’, the converted ‘0’, and the original ‘0’. Combined, that’s ‘%00’.) This sticks a NULL byte at the end of the web address.
- This URL is passed to
- This causes the URL to be processed again, hitting the NULL byte. It figures that shouldn’t be there and marks the URL as invalid.
- The code path returns to GURLToDatabaseURL() which expects the URL to be still valid and calls
- But the URL is invalid, which is unexpected, and so the function hits a DCHECK() that causes the software to bail out – even on the release build.
- When hovering the mouse cursor over the URL, the web address, which is marked as invalid, is sent to another part of the web browser that expects valid-only addresses – causing the tab to be blown away.
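The conversion in the first step of the list above, as an added example (not code from the original article or from Chromium): one pass of percent-decoding turns %%300 and %%30%30 into %00, and a second pass turns that into a NUL byte, so a check that decodes once and trusts the result misses it. The decoder is a simplified model, and the function names and sample paths are constructed for illustration.

```python
import re

# Simplified model (assumption): a valid escape is '%' followed by two hex
# digits; anything else, such as a lone '%', is copied through unchanged.
_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def decode_once(text):
    """Apply exactly one pass of percent-decoding."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def decode_chain(text, max_passes=8):
    """Return every form the string takes until decoding stops changing it."""
    forms = [text]
    for _ in range(max_passes):
        decoded = decode_once(forms[-1])
        if decoded == forms[-1]:
            break
        forms.append(decoded)
    return forms


def nul_depth(text):
    """Number of passes after which a NUL byte appears, or None if never.

    Depth 1 is a plain %00. Depth 2 or more means the escape only forms
    after an earlier pass, so a validator that decodes once and trusts the
    result will not see it.
    """
    for depth, form in enumerate(decode_chain(text)):
        if "\x00" in form:
            return depth
    return None


# Constructed sample paths, not taken from the article.
SAMPLES = ["/a%20b", "/100%25", "/x%00", "/x%%300", "/x%%30%30"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:14} passes={nul_depth(sample)} "
              f"forms={decode_chain(sample)!r}")
```

A URL handler that rejects any input with a depth of 1 or more, or that re-validates after every canonicalization pass, avoids handing a string it believes valid to code that later finds it invalid.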
We’ve tested it on Google Chrome 45.0.2454.93 on both Windows 10 and OS X El Capitan on Mac, and both flavors of the browser are vulnerable.
Did this simple hack help you to crash Google Chrome Web Browser? Do let us know in the comments below.