Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Chrome Bug Security

Crash Chrome With 16 Characters 205

An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).
This discussion has been archived. No new comments can be posted.

Crash Chrome With 16 Characters

Comments Filter:
  • It's not just Chrome (Score:5, Informative)

    by Duckman5 ( 665208 ) on Saturday September 19, 2015 @12:36PM (#50556439)
    I just fired up Opera (shares the Blink engine) and gave it a try. Sure enough, it crashed and restarted. Wonder where the issue is...
    • by Shinobi ( 19308 )

      Vivaldi crashes too, on Windows and Linux.

    • by Anonymous Coward

      According to TFS, it should work on v45 and older. It does not crash Chromium. I entered "http: //a/%%30%30" (without the quotes) then "http://a/%%30%30" (without the quotes) into the address bar, and it just took me to the Startpage web search in both cases (as it should). FWIW, I'm using Chromium Version 44.0.2403.89 Ubuntu 14.04 (64-bit), on Xubuntu 14.04.

      • by Rei ( 128717 )

        Doesn't crash me either. google-chrome 43.0.2357.134, Fedora 22.

      • by bbruun ( 1697266 )
        Same here on 44.0.2403.155 (64bit).
        Using the http://a/%2500 [a] version just brings up a blank page and using just //a/%%30%30 brings up an unknown file page

        I'm fustrated, has /. become a text version of bad tumblr GIF's?

      • It does not crash Chromium.

        Crashes my Chromium quite nicely, thank you. About says it's "Version 45.0.2454.85 Built on 8.1, running on Debian 8.2 (64-bit)". Just entering it on the URL line doesn't do anything, but as soon as I hit enter, boom, Chromium just terminates. Ah, the joys of being up-to-date on your patches...

      • Crashes (or more precisely: starts to redirect and then proceeds to close down all instances) as soon as I hit enter
        Chromium Version 45.0.2454.93 (64-bit) on Arch Linux

      • It does not crash the copy of Chrome running on my Win7 machine. I let the machine automatically update when it feels like it; the machine is currently running Chrome 45.0.2454.93

        When I paste http: //a/%%30%30 into the address bar, I seem to get a web search for 30 30, with the first two hits being .30-30 Winchester - Wikipedia & 30/30 Poetry. I get the exact same behavior pasting into the search box. So it seems the current default behavior is to treat a malformed URL as a text search.

        P.S. T

        • by Reziac ( 43301 ) *

          This starts to look like it's somewhere between browser and OS, rather than just in the browser. Or at least requires something from the OS to trigger the bug.

      • by Reziac ( 43301 ) *

        Didn't crash Chrome v. 35.0.1916.153 either. It did make it go to my home page, which happens to be about:blank.

        SeaMonkey and PaleMoon just did "site not found".
         

    • by goombah99 ( 560566 ) on Saturday September 19, 2015 @01:28PM (#50556691)

      Mine just pulled up website with Larry Paige telling me I got the golden ticket and will am invited to tour the Google Chocolate Factory with my uncle Joe.

    • by pack27 ( 3945973 )
      It doesn't just share Blink; Opera is based completely off of the Chromium source code.
  • by Macdude ( 23507 ) on Saturday September 19, 2015 @12:47PM (#50556477)

    New @Midnight game:

    Crash a Browser in 16 Characters

  • "Oh shit! Someone found a buffer overflow in our browser. Someone increase MAX_CHARS for that field to 32!"

    "That's ridiculous! No computer can handle 32 things!"

  • by Behrooz Amoozad ( 2831361 ) on Saturday September 19, 2015 @12:51PM (#50556509)
    [6918:6918:0919/221732:FATAL:navigation_controller_impl.cc(927)] Check failed: active_entry->site_instance() == rfh->GetSiteInstance().
    Doesn't crash if the url is passed as an argument. Just opens up about:blank(not default behavior)
    4.1.6-1-ARCH x86_64 GNU/Linux
  • Apparently I've been neglecting Chrome on this old image for quite a long time. Chrome 21, Mac OS 10.6.8. No crash observed.

    • by sims 2 ( 994794 )

      Chrome 26, Windows xp.
      Url does not crash browser but hovering over link does crash tab.

  • by hcs_$reboot ( 1536101 ) on Saturday September 19, 2015 @12:56PM (#50556533)
    creating a link <a href="http://something.com/somewhere/%%30%30/sometime">this crashes</a> and hovering the mouse over it crashes!
    It seems it's the %%30%30 which causes that (this should be unescaped as "%300").
  • "Browser Golf."
  • by mspohr ( 589790 ) on Saturday September 19, 2015 @01:01PM (#50556551)

    I type //a/%%30%30 all the time! (It's the combination to my luggage)

  • by Chas ( 5144 ) on Saturday September 19, 2015 @01:09PM (#50556595) Homepage Journal

    Okay, put //a/%%30%30 in the URL bar. Didn't crash anything.

    Put it in the search box on the default search page and it puked immediately.

    45.0.2454.93

  • Google calls the URL bar "Omnibox", and it will search Google as soon as you start typing in it. I would suspect this is causing the problem, since a regular (non-Omni) URL bar is a very simple thing.

    I went to Settings to disable Omnibox and test my theory. Unfortunately there seems to be no way to disable the Omnibox in Chrome.

  • Chrome Version 43.0.2357.134 on Linux, just gets me a blank page.

  • by JustAnotherOldGuy ( 4145623 ) on Saturday September 19, 2015 @01:25PM (#50556671) Journal

    I tried it on Internet Explorer and not only did the browser crash, it billed me for $299.95. Also, every site I browse now appears to be Russian porn.

    • every site I browse now appears to be Russian porn.

      Which apparently includes Slashdot. Is there some Slashdot section I don't know about?

      • every site I browse now appears to be Russian porn.

        Which apparently includes Slashdot. Is there some Slashdot section I don't know about?

        What, you've never seen the "Your Porn Online" section?

        • What, you've never seen the "Your Porn Online" section?

          Does it feature Bennett Haselton and CowboyNeal? :)~

      • Which apparently includes Slashdot. Is there some Slashdot section I don't know about?

        Absolutely, the porn section is the only reason I come here. You didn't think I came here for the articles, did you?

    • Also, every site I browse now appears to be Russian porn.

      Oh please tell me how to do this!

  • NO crash with the current chromium on the current opensuse

    the website "a/%" fallowed by two zeros is just a bad url and it tossed

  • Chromium Version 44.0.2403.89, Ubuntu 15.04. Changes "http://a/%%30%30" to "chrome://chrome/" and no apparent ill effects, including no crash. There is a reason why it is a good idea to let the Debian/Ubuntu devs do your QA for you.

    • Interesting message from Safari after pasting the URL:

      "Safari can't open the page "a/%25%30%30" because Safari can't find the server "a". "

      So it translates % to %25, then %30 to %30 and %30 to %30. Interesting.
  • Comment removed based on user account deletion
  • by Guy Harris ( 3803 ) <guy@alum.mit.edu> on Saturday September 19, 2015 @02:18PM (#50556969)

    Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser.

    Gee, I typed in http://sonic.com [sonic.com] and hit Enter, and it worked Just Fine.

    Perhaps they meant to say "Typing in a particular 16-character link, clicking on a particular 16-character link, or even just putting your cursor over a particular 16-character link, will crash Google's browser."

  • by Pikoro ( 844299 ) <init.init@sh> on Saturday September 19, 2015 @05:21PM (#50557935) Homepage Journal

    Copy and paste the url into incognito mode will crash all chrome processes, not just the new window. Interesting.

  • I can do it in 15. ftp:// [ftp] works too!
  • Not disabling webfonts using the "--disable-remote-fonts" commandline parameter with Chrome under Windows XP will get you random Chrome crashes and even BSODs while visiting Google sites like Youtube.
    Seems like an old win32k.sys vulnerability that was supposedly patched in 2009.

  • "Look ma, I've put the chrome in the dishwasher and now it won't facebook, what a piece of crap"

  • Version 46.0.2490.33 beta (64-bit) ..
  • I use chromium 34.0.1847.137 and ... nothing happens when I copy/paste that url (yes - I deleted that space).

    No Crash. No nothing.

    So I guess Google added something to their Chrome that breaks stuff.

  • Tried to share the URL in FB. It seemed trying to load the link forever. Wonder whether some threads (or whatever request processing mechanism) has crashed :)

news: gotcha

Working...