Chromium Hack: 13 special characters can crash a Chrome browser tab on a Mac

These 13 characters will crash your Chrome Browser tab on a Mac PC

No browser is safe, as was proved yesterday at Pwn2Own, but crashing one with a single line of special text is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac.

The code is a 13-character special string which appears to be written in Assyrian script.

This code works only on a Mac, and only in Google Chrome. You can find the bug report about the same here. If you are a Mac user running Chrome, kindly do not click on the link.

Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.

Chrome Version : 41.0.2272.89 64 bit
OS version : 10.95
Behavior in Safari 3.x/4.x : Renders squares/doesn’t crash
Behavior in Chrome for Windows: Renders correctly

What steps will reproduce the problem?
1. Any page with ????? ??? ????? will crash the chrome tab on a Mac
2. Just create any dummy page with the unicode characters, and the Mac Chrome tab will crash hard

What is the expected result?
Expect it not to crash

What happens instead?
It crashes

Other
This is pretty serious. You could imagine someone spamming this message in hangouts/gmail and just straight-up force crashing all Mac Chrome browsers. Someone could post this on Facebook, and force-crash all Mac Chrome browsers that saw it.

The crash ID of the bug in chrome://crashes is d043b37f53c2436f. Users have reported that in some cases the string doesn't crash Chrome and the 13 characters are instead shown as small rectangles. If you use an old smartphone, you will be familiar with these rectangles from when someone sends you a smiley from an iPhone or a recent Android smartphone. Apparently these small rectangles are shown when an obsolete system can't read the script. Even opening the code in Apple Safari throws up similar rectangles.

The bug looks small and inconsequential, but in the right hands it can cause deliberate problems. Imagine if someone makes a tweet with this script or posts it on his/her Facebook timeline. All Mac users who use Chrome to view Twitter/Facebook will find their tabs crashing because of the code present in the content.

As Matt C puts it, “This is pretty serious. You could imagine someone spamming this message in Hangouts/Gmail and just straight-up force crashing all Mac Chrome browsers.”

PS: Opening this page in Google Chrome may well crash your tab on a Mac.

2 COMMENTS

  1. Umm. Just so you know, you just quoted the problem string. You might want to remove it from your website so you don’t crash any Mac browsers. It’s kind of funny though. You post a link saying don’t click if you’re using Mac Chrome, then quote the entire bug quote that includes the problem string.
