1. Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as:

    All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Discussion in 'Windows Tools & Tips' started by Exhipper, Sep 22, 2015.

  1. Exhipper

    Exhipper Addict Established

    [​IMG]
    Remember when it took only Please or Register to view links instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly.
    Yes, you can crash the latest version of Chrome browser with just a simple tiny URL.
    To do this, all you need to do is follow one of these tricks:

    • Type a 16-character link and hit enter
    • Click on a 16-character link
    • Just put your cursor on a 16-character link
    Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome.




    All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser.
    The issue was discovered by security researcher Andris Atteka, who explained in his Please or Register to view links that just by adding a NULL char in the URL string could crash Chrome instantly.

    What's actually Happening?
    According to the researcher, this Chrome crash Bug actually is a "DOS vulnerability" and not a security flaw. Still, this bug has potential to make you lose all your open tabs and windows on Chrome browser.
    Here's the technical explanation given by Atteka:
    "It seems to be crashing in some very old code. In the Debug build, it is hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it is hitting a CHECK in the Release build, I do not think this is actually a security bug, but I am going to leave it as such."
    The issue appears to be small but is actually serious, as it is possible for any of your friends to tweet out the link in question, and crash all Chrome users whose Twitter timeline will load that link.
    In an attempt to bother you, your friends could even send this link in emails or messages.
    In June, Skype was plagued by a similar bug that caused a crash from a simple text string: " Please or Register to view links:". These 8-character string caused Please or Register to view links on the recipient's system, without even displaying the message.
    Atteka reported this latest Chrome crash bug to Google but didn’t receive any bounty from the company, as the bug is not really a security threat.
    Google has yet to release a pâtch for this latest Chrome crash bug.
    The bug affects all versions of the browser including Google Chrome 45, which is the current stable version of the browser, and crashes both Windows as well as Mac OS X versions of the browser.
    Meanwhile, the mobile version of Chrome seems to be unaffected by this Chrome Crash Bug.

    Update: The Hacker News readers have experienced that the Chrome Crash Bug also works on the mobile version of Chrome browser when a user tries to copy the malformed link in question.

    I also checked the Chrome crash bug on my One Plus One handset and found that long tapping on the malformed link crashes Chrome tab on mobile version of Chrome as well.

    Please or Register to view links

    HIT LIKE LANG PO KUNG WORKING SA INYO (y)
     

    Attached Files:

    You must or Register to view Attachment.
    vhiper24 likes this.
  2. vhiper24

    vhiper24 Addict Established

    Kahit Opera Browser nag crash din.
     
  3. Exhipper

    Exhipper Addict Established

    Cool. Good to hear that :rolleyes:
     
  4. thanks for sharing bossing(y)