Google Chrome Crashed with 16 Character String
Posted by: Timothy Weaver on 09/23/2015 09:58 AM
[
Comments
]
Software engineer and security researcher Andris Atteka, a Latvian independent blogger, has posted that a simple 16 character string will crash Google Chrome.
The string is http:// a /%%30%30 ( Not a live string ).
If the code is live-linked on a web page (as it is not here), simply hovering your mouse over the code will crash Chrome on PC and Mac versions of the browser.
Chris Williams explains: "[This fatal exception occurs] rather than the usual memory access violation error caused by an overrun buffer, heap corruption, or similar – even in released code. This means some part of the executable was reached that the programmers never expected normal users to hit. As it turns out, the code at fault is some really old stuff.”
Mobile versions on Chrome do not appear to be affected and the code does not have the same impact upon Firefox, Safari or Microsoft Edge.
“Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded me of the recent Skype vulnerability - both occur with simple URL strings. So how can you crash Google Chrome? By adding a NULL char in the URL string,” writes Atteka.
Jaromir Horejsi, malware analyst at Avast, wrote: “Here, we see the perfect example of a fatal exception."
Source: SCMagazine
The string is http:// a /%%30%30 ( Not a live string ).If the code is live-linked on a web page (as it is not here), simply hovering your mouse over the code will crash Chrome on PC and Mac versions of the browser.
Chris Williams explains: "[This fatal exception occurs] rather than the usual memory access violation error caused by an overrun buffer, heap corruption, or similar – even in released code. This means some part of the executable was reached that the programmers never expected normal users to hit. As it turns out, the code at fault is some really old stuff.”
Mobile versions on Chrome do not appear to be affected and the code does not have the same impact upon Firefox, Safari or Microsoft Edge.
“Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded me of the recent Skype vulnerability - both occur with simple URL strings. So how can you crash Google Chrome? By adding a NULL char in the URL string,” writes Atteka.
Jaromir Horejsi, malware analyst at Avast, wrote: “Here, we see the perfect example of a fatal exception."
Source: SCMagazine
Comments
