Monday, September 21, 2015

How Andris Atteka’s 16 Character String crashes Google Chrome – Pranks galore until Google fixes this problem

“It seems to be crashing in some very old code. In the Debug build, it's hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it's hitting a CHECK in the Release build, I don't think this is actually a security bug, but I'm going to leave it as such”

Developer jww@chromium.org in response to Latvia-based software engineer and security researcher Andris Atteka discovery of a bug that crashes the Google Chrome browser

Google isn't having a great year at all as it relates to hacking their programs. It's almost as if a light has been shining on Google and discovering some serious flaws.

The Google Android 5.0 Lollipop lockscreen defeat discovered by Researchers at University of Texas as reported in my blog article entitled “University of Texas discovers Google Android 5.0 Lollipop hack – How to unlock any Google Android 5.0 Lollipop smartphone”. 

The latest discovery relates to the Google Chrome browser. Apparently, there is a bug in the browser that allows the Browser to be crashed by typing in a special string of characters as reported in the article “This string of 16 characters will crash Chrome”, published September 20, 2015 by Jason Hahn, Digitaltrends.

The bug was discovered by Latvia-based software engineer and security researcher Andris Atteka and made public in a blog post published Friday, September 18, 2015 entitled “A simple string to crash Google Chrome”.

The string he used was a 26 character string as follows: http://biome3d.com/%%30%30.

Even visiting his webpage and having it open on your browser causes the Chrome Tab to crash. Then, surprisingly, Venturebeat, another technology blog, discovered the 16 character string that can also crash the Google Chrome browser as reported in the article “These 16 characters crash Google Chrome”, published SEPTEMBER 18, 2015 by Emil Protalinski, Venturebeat.

That string of characters is http://a/%%30%30. 

What’s even creepier is that the user doesn’t even have to paste the string of character into the Browser address bar. If you hover your mouse over the link or press Tab then press the link to open it in a new tab it'll crash the current open tab in Google Chrome, even the entire Browser in some cases.  

How a 16 Character String crashes Google Chrome – Andris Atteka’s harmless Bug from Older Code

It is also operating system agnostic, affecting the following versions of Google Chrome Browser:

1.      Chrome for Windows
2.      Chrome for Mac
3.      Chrome for Linux

Only Google Chrome for Android seems unaffected.

Still, this isn’t a security threat, merely older code that's reacting to the string of characters it can’t process, similar to telling a computer program to divide by 0 as suggested in the article “This 16-Character Link Crashes Google's Chrome Browser”, published 21 September 2015 by Manish Singh, NDTV Gadgets.

To this end Andris Atteka didn't get a bug bounty s it’s not that serious as reported in the article “Google Chrome Crashes Instantly With Simple URL String”, published September 20 2015 by Alexandra Burlacu, Tech Times

But rest assured this will be a great prank to play on unsuspecting friend as noted in the article “Nasty URL bug brings Google Chrome to a screeching halt”, published Sep 20, 2015 by Nick Mediati, PCWorld

They may unwittingly click on the link sent to them in an email over and over for the next few days until Google issues a fix to the problem.

Here’s the link:


No comments:

Post a Comment

Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.