All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser.
The issue was discovered by security researcher Andris Atteka
, who explained in his [You must be registered and logged in to see this link.]
that just by adding a NULL
char in the URL string could crash Chrome instantly.
Atteka was able to crash the browser with a 26 character long string, which is given below:
WARNING: Don’t Click or even Point your cursor to the following Link otherwise it will crash your tab or even your whole Chrome browser.
However, VentureBeat [You must be registered and logged in to see this link.]
to crash the browser with even fewer
characters — only 16 Characters in total (given below).
What’s actually Happening?
According to the researcher, this Chrome crash Bug actually is a “DOS vulnerability” and not a security flaw. Still, this bug has potential to make you lose all your open tabs and windows on Chrome browser.
Here’s the technical explanation given by Atteka:
“It seems to be crashing in some very old code. In the Debug build, it is hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it is hitting a CHECK in the Release build, I do not think this is actually a security bug, but I am going to leave it as such.”
The issue appears to be small but is actually serious, as it is possible for any of your friends to tweet out the link in question, and crash all Chrome users whose Twitter timeline will load that link.
In an attempt to bother you, your friends could even send this link in emails or messages.
In June, Skype was plagued by a similar bug that caused a crash from a simple text string: “[You must be registered and logged in to see this link.]
“. These8-character string caused [You must be registered and logged in to see this link.]
on the recipient’s system, without even displaying the message.
Atteka reported this latest Chrome crash bug to Google but didn’t receive any bounty from the company, as the bug is not really a security threat.
Google has yet to release a patch for this latest Chrome crash bug.
The bug affects all versions of the browser including Google Chrome 45, which is the current stable version of the browser, and crashes both Windows as well as Mac OS X versions of the browser.
Meanwhile, the mobile version of Chrome seems to be unaffected by this Chrome Crash Bug.
Update: The readers have experienced that the Chrome Crash Bug also works on the mobile version of Chrome browser when a user tries to copy the malformed link in question.
I also checked the Chrome crash bug on my One Plus One handset and found that long tapping on the malformed link crashes Chrome tab on mobile version of Chrome as well.