Chromium Hack: 16 Special Characters Can Crash Chrome

Google Chrome's latest build can be crashed with 16 characters

A new hack has been discovered that can crash the latest version of Chrome on Windows PCs. The hack, discovered by a Redditor, j3rry, can crash the latest build of Chrome even if someone merely hovers the mouse over the link.

The bug also affects the latest versions of Opera, while opening the special characters in Firefox causes the browser to load a deformed URL.

If you want to try out the bug, just type out

[Image: the 16-character string]

into your browser address bar. However, the bug does not affect Chrome on Mac PCs or on Android smartphones, though some users have noted that the Chrome build on Android smartphones returns the dreadful ‘Aw! Snap’ error page.

The bug is caused by incorrect handling of the percent-encoded parameters in the characters. Each %30 is decoded to 0, which leaves %00; that is then decoded to null, which crashes Chrome.
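The decoding chain described above, traced step by step and turned into an input check, as an added example (not code from the original article or from Chromium). The function names `decodeOnce`, `inspectPath` and `shouldReject` are hypothetical, and every sample path other than the page's `/%%30%30` is constructed.

```javascript
// Matches one well-formed percent escape (%XX). A lone "%" is not matched.
const ESCAPE = /%([0-9A-Fa-f]{2})/g;

// One decoding pass. Replaced text is not rescanned, so an escape that only
// appears after decoding (e.g. "%00" built from "%%30%30") survives this pass.
function decodeOnce(s) {
  return s.replace(ESCAPE, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Decode repeatedly (bounded) and record every intermediate form.
function inspectPath(path, maxPasses = 5) {
  const stages = [path];
  let current = path;
  for (let i = 0; i < maxPasses; i++) {
    const next = decodeOnce(current);
    if (next === current) break; // fixed point reached
    stages.push(next);
    current = next;
  }
  const passes = stages.length - 1;
  return {
    stages,
    passes,
    nested: passes > 1, // a second pass still changed the string
    hasNul: stages.some((s) => s.includes("\u0000")),
  };
}

// Policy for a proxy or application filter: refuse paths that are encoded
// more than once or that decode to a NUL at any stage.
function shouldReject(path) {
  const r = inspectPath(path);
  return r.nested || r.hasNul;
}

// Constructed sample inputs; the first is the path from the reproduction case.
const samples = ["/%%30%30", "/a%20b", "/%2541", "/%00"];
for (const p of samples) {
  const r = inspectPath(p);
  console.log(JSON.stringify(p), "->", JSON.stringify(r.stages),
    "reject:", shouldReject(p));
}
```

The decoder works on ASCII escapes only, which is enough to expose nesting; it does not reassemble multi-byte UTF-8 sequences.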

The bug has been reported to the Google security team here. Even on this page, moving your mouse towards where the specially crafted URL is given can crash your Chrome tab. Surprisingly, my browser did not crash when I copy-pasted the URL into this article.

VULNERABILITY DETAILS
Browser crashes

VERSION
Chrome Version: 45.0.2454.93 m
Operating System: windows

REPRODUCTION CASE
visit https://aaa.com/%%30%30
