Researcher Discovers One Little Link That Can Take Down Your Chrome Browser
While there’s concern over the sophisticated techniques used by black-hat hackers, sometimes a simple code error is enough to do some damage. Just as a microscopic germ can take down a healthy immune system, a recently discovered short string of characters can crash a whole Google Chrome browser.
Entering the phrase “http://a/%%30%30” -- without quotation marks -- into the address bar and hitting the “Enter” key will cause either the tab or the whole browser to shut down, and any unsaved work open in the browser could be lost. As a hyperlink, the string of characters is also dangerous to anyone who clicks on it or just hovers their mouse over the link, The Guardian reports.
A security researcher from Latvia named Andris Atteka discovered the bug four days ago, according to his blog. The issue seems to be that the string contains null characters -- or characters that Chrome doesn’t recognize as valid letters, numbers or symbols. When this string is activated in Chrome, the browser crashes as it attempts to process the URL.
“The issue appears to be small but is actually serious, as it is possible for any of your friends to tweet out the link in question, and crash all Chrome users whose Twitter timeline will load that link,” TheHackerNews.com explains.
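As an added illustration (not code from Atteka's blog or from Chromium), the sketch below shows how a service that renders user-submitted links could flag this kind of URL. The string above contains no literal null; "%%30%30" becomes "%00" after one round of percent-decoding and a null character after a second. The function names, labels and pass limit are assumptions made for this example.

```javascript
// Added example: flag links whose percent-escapes resolve to a NUL
// character, possibly only after repeated decoding.
const MAX_PASSES = 4; // assumed bound on how many nested layers to unwrap

// Lenient single-pass percent-decoder: decodes valid %XX escapes and leaves
// a stray '%' in place instead of throwing like decodeURIComponent does.
function decodeOnce(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const hex = s.slice(i + 1, i + 3);
    if (s[i] === "%" && /^[0-9a-fA-F]{2}$/.test(hex)) {
      out += String.fromCharCode(parseInt(hex, 16));
      i += 2; // skip the two hex digits just consumed
    } else {
      out += s[i];
    }
  }
  return out;
}

// Number of decoding passes after which a NUL appears (0 = literal NUL),
// or -1 if decoding reaches a fixed point or the bound without one.
function nulDepth(url) {
  let cur = url;
  for (let pass = 0; pass <= MAX_PASSES; pass++) {
    if (cur.includes("\u0000")) return pass;
    const next = decodeOnce(cur);
    if (next === cur) return -1; // nothing left to decode
    cur = next;
  }
  return -1;
}

// Hypothetical policy labels a link filter might act on.
function classifyLink(url) {
  const depth = nulDepth(url);
  if (depth < 0) return "ok";
  return depth <= 1 ? "nul-encoded" : "nul-nested";
}

// Constructed sample inputs; the first is the string quoted in the article.
const samples = ["http://a/%%30%30", "http://example.test/%00",
                 "http://example.test/a%20b", "http://example.test/100%"];
for (const u of samples) {
  console.log(JSON.stringify(u), "->", classifyLink(u), "depth", nulDepth(u));
}
```

A filter that only checks the raw string, or that decodes once, would pass the first sample; decoding to a fixed point is what exposes the nested escape.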
According to his blog, Atteka wasn’t compensated for his findings because the bug is considered a “DOS vulnerability,” not a security risk.
The bug affects current versions of Chrome for Windows and OS X, but The Guardian reports that versions of Chrome for Android phones don’t crash. While this Reddit thread points out that development tools and Android WebView are not immune to the bug, Chromium developers have found a fix for the issue. It will take time before the corrected code makes its way to Chrome users.