www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

Latest topics

» BitCoin Wallet stealor New
Yesterday at 7:46 pm by Admin

» Muhammad Shahroze Rashid | Marketing Consultant
Yesterday at 1:48 pm by Admin

» Muhammad Shahroze Rashid | Sharp Mind, Sharp Innovations
Yesterday at 1:47 pm by Admin

» How to design an effective job ad
Yesterday at 1:45 pm by Admin

» Teen Patti Gold Hack & 3 Patti Chips Code Extra Bonus 2016
Tue Dec 06, 2016 4:38 am by shoytan er lara

» Content Marketing | Promotional Video
Fri Dec 02, 2016 2:45 pm by Admin

» How to start an Online Business | Complete Guide
Fri Dec 02, 2016 2:30 pm by Admin

» Zeeshan Bhatti
Wed Nov 30, 2016 3:18 pm by Admin

» USAA letter for scam page
Tue Nov 29, 2016 4:20 am by Hardyjsh1966

December 2016

MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendar Calendar

Affiliates


free forum

Forumotion on Facebook Forumotion on Twitter Forumotion on YouTubeForumotion on Google+

Visitors Counter


Flag Counter

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.
samanabad
lahore, Punjab
54000
Pakistan
[email protected]
03064904829
DOB: 05/25/1992
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid is a Web Developer and Designer, Android Developer, InfoGrapher, IT consultant and Researcher
Reviewed by Google
Google
Date published: 01/19/2016
9 / 10 stars
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Audito
samanabad
lahore
Punjab
54000
Pakistan

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Share

Admin
Admin

Posts : 455
Reputation : 5
Join date : 2014-12-10
Age : 24
Location : Pakistan

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Post by Admin on Sat Oct 17, 2015 10:56 am



Remember when it took only [You must be registered and logged in to see this link.] instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly.


Yes, you can crash the latest version of Chrome browser with just a simple tiny URL.


To do this, all you need to do is follow one of these tricks:



  • Type a 16-character link and hit enter

  • Click on a 16-character link

  • Just put your cursor on a 16-character link


Yes, that’s right. You don’t even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome.






All the tricks mentioned above will either kill that particular Chrome tab or kill the whole Chrome browser.


The issue was discovered by security researcher Andris Atteka, who explained in his [You must be registered and logged in to see this link.] that just by adding a NULL char in the URL string could crash Chrome instantly.


Atteka was able to crash the browser with a 26 character long string, which is given below:


WARNING: Don’t Click or even Point your cursor to the following Link otherwise it will crash your tab or even your whole Chrome browser.


[You must be registered and logged in to see this link.]

However, VentureBeat [You must be registered and logged in to see this link.] to crash the browser with even fewercharacters — only 16 Characters in total (given below).


[You must be registered and logged in to see this link.]


What’s actually Happening?



According to the researcher, this Chrome crash Bug actually is a “DOS vulnerability” and not a security flaw. Still, this bug has potential to make you lose all your open tabs and windows on Chrome browser.


Here’s the technical explanation given by Atteka:


“It seems to be crashing in some very old code. In the Debug build, it is hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it is hitting a CHECK in the Release build, I do not think this is actually a security bug, but I am going to leave it as such.”


The issue appears to be small but is actually serious, as it is possible for any of your friends to tweet out the link in question, and crash all Chrome users whose Twitter timeline will load that link.


In an attempt to bother you, your friends could even send this link in emails or messages.


In June, Skype was plagued by a similar bug that caused a crash from a simple text string: “[You must be registered and logged in to see this link.]“. These8-character string caused [You must be registered and logged in to see this link.] on the recipient’s system, without even displaying the message.


Atteka reported this latest Chrome crash bug to Google but didn’t receive any bounty from the company, as the bug is not really a security threat.


Google has yet to release a patch for this latest Chrome crash bug.


The bug affects all versions of the browser including Google Chrome 45, which is the current stable version of the browser, and crashes both Windows as well as Mac OS X versions of the browser.


Meanwhile, the mobile version of Chrome seems to be unaffected by this Chrome Crash Bug.

Update: The  readers have experienced that the Chrome Crash Bug also works on the mobile version of Chrome browser when a user tries to copy the malformed link in question.


I also checked the Chrome crash bug on my One Plus One handset and found that long tapping on the malformed link crashes Chrome tab on mobile version of Chrome as well.





    Current date/time is Thu Dec 08, 2016 10:48 am