16 chars that can crash your chrome browser!

[TeaNTronics]

i found some chrome bug on the web.
there is a new bug in google chrome that can crash your browser.
if you moving your mouse over this link (or long-pressing on mobile), or trying to open the link,
it will cause your browser to crash. i have tested this, it works.
here is the link (don't say i didn't warn you):

Code: [Select]

http://a/%%30%30

you can find more details about it here: http://www.theregister.co.uk/2015/09/20/chrome_url_crash/
there is also an bug issue on chromium: https://code.google.com/p/chromium/issues/detail?id=533361



edit: i had to put it on code quote so it won't crash your browser when you view it

[zapta]

It crashed mine. Good catch.

[Rerouter]

How does someone find a bug like this?

[krivx]

If this is yours I would submit it to the bounty program: https://www.google.com/about/appsecurity/chrome-rewards/

[PA0PBZ]

It's from Friday:

http://andrisatteka.blogspot.nl/2015/09/a-simple-string-to-crash-google-chrome.html
https://code.google.com/p/chromium/issues/detail?id=533361

Edit: I mean May : https://code.google.com/p/chromium/issues/detail?id=486912

[TeaNTronics]

How does someone find a bug like this?

i guess he just bump into it

If this is yours I would submit it to the bounty program: https://www.google.com/about/appsecurity/chrome-rewards/

i'm not the person who found this bug first, the person who found it is a bloger called Andris Atteka:
http://andrisatteka.blogspot.nl/2015/09/a-simple-string-to-crash-google-chrome.html

and he already filled a bug report at chromium:
https://code.google.com/p/chromium/issues/detail?id=533361

and he tried to submit the report to the reward program, but he got nothing:

Unfortunately no reward was awarded as this was deemed to be only a DOS vulnerability.
Anyway, making secure software is much harder than finding issues in it.
Thanks Google.

[TeaNTronics]

It's from Friday:

http://andrisatteka.blogspot.nl/2015/09/a-simple-string-to-crash-google-chrome.html
https://code.google.com/p/chromium/issues/detail?id=533361

Edit: I mean May : https://code.google.com/p/chromium/issues/detail?id=486912

that's interesting,
so it's not new, and someone first reported it about 4 months ago.
untill now google did nothing to fix it. 

[Jeroen3]

The link posted by TeaNTronics does not cause a crash. But it does if you add two more 'a' characters.
The mouseover in the bug report crashes all the tabs, but a navigating to the link crashes the entire browser.
Chrome Windows 45.0.2454.93 m

[G7PSK]

It crashes Opera as well as Chrome but unlike chrome opera bounces straight back up again.

[Jeroen3]

Well, opera uses the same engine on a different shell. Not that surprising.

[JacquesBBB]

It does not crash Safari.

[zapta]

Any guess what is special about this string?

[Bud]

Try converting to Windings

[Halcyon]

Tried it in Chrome 43.0.2357.134 m -- It did nothing.

[crispy_tofu]

Works on Chrome OS 46.0.2490.33 beta... it blanks the screen and recovers after a few seconds.