“It
seems to be crashing in some very old code. In the Debug build, it's hitting a
DCHECK on an invalid URL in GURL, deep in some History code. Given that it's
hitting a CHECK in the Release build, I don't think this is actually a security
bug, but I'm going to leave it as such”
Developer
jww@chromium.org in response to Latvia-based software engineer and security
researcher Andris Atteka discovery of a bug that crashes the Google Chrome
browser
Google
isn't having a great year at all as it relates to hacking their programs. It's
almost as if a light has been shining on Google and discovering some serious
flaws.
The
Google Android 5.0 Lollipop lockscreen defeat discovered by Researchers at
University of Texas as reported in my blog article
entitled “University
of Texas discovers Google Android 5.0 Lollipop hack – How to unlock any Google
Android 5.0 Lollipop smartphone”.
The
latest discovery relates to the Google Chrome browser. Apparently, there is a
bug in the browser that allows the Browser to be crashed by typing in a special
string of characters as reported in the article “This
string of 16 characters will crash Chrome”, published September 20, 2015 by
Jason Hahn, Digitaltrends.
 |
The
bug was discovered by Latvia-based software engineer and security researcher
Andris Atteka and made public in a blog post published Friday, September 18,
2015 entitled “A
simple string to crash Google Chrome”.
The
string he used was a 26 character string as follows: http://biome3d.com/%%30%30.
Even
visiting his webpage and having it open on your browser causes the Chrome Tab
to crash. Then, surprisingly, Venturebeat, another technology blog, discovered
the 16 character string that can also crash the Google Chrome browser as
reported in the article “These
16 characters crash Google Chrome”, published SEPTEMBER 18, 2015 by Emil
Protalinski, Venturebeat.
That
string of characters is http://a/%%30%30.
What’s
even creepier is that the user doesn’t even have to paste the string of
character into the Browser address bar. If you hover your mouse over the link
or press Tab then press the link to open it in a new tab it'll crash the
current open tab in Google Chrome, even the entire Browser in some cases.
How a 16 Character
String crashes Google Chrome – Andris Atteka’s harmless Bug from Older Code
It
is also operating system agnostic, affecting the following versions of Google
Chrome Browser:
1.
Chrome for Windows
2.
Chrome for Mac
3.
Chrome for Linux
Only
Google Chrome for Android seems unaffected.
Still,
this isn’t a security threat, merely older code that's reacting to the string
of characters it can’t process, similar to telling a computer program to divide
by 0 as suggested in the article “This
16-Character Link Crashes Google's Chrome Browser”, published 21 September
2015 by Manish Singh, NDTV Gadgets.
To
this end Andris Atteka didn't get a bug bounty s it’s not that serious as
reported in the article “Google
Chrome Crashes Instantly With Simple URL String”, published September 20
2015 by Alexandra Burlacu, Tech Times.
But
rest assured this will be a great prank to play on unsuspecting friend as noted
in the article “Nasty
URL bug brings Google Chrome to a screeching halt”, published Sep 20, 2015
by Nick Mediati, PCWorld.
They
may unwittingly click on the link sent to them in an email over and over for
the next few days until Google issues a fix to the problem.
Here’s
the link:
No comments:
Post a Comment