
Google Chrome vulnerability

Google Chrome can be crashed with 16 characters


If you use Google Chrome 45 or any older version, the browser can be crashed simply by typing a 16-character URL. The bug was first detected by Andris Atteka, who reported it to Google, but he was not rewarded because it is not a security issue but a DoS vulnerability. The string Atteka reported is 26 characters long, and the details are available on his blog.

However, VentureBeat has identified a similar string that needs 10 fewer characters to crash Chrome. Both are null-character strings. The browser crashes not only when a string is pasted or typed into the URL address bar, but also when it is clicked and even when the cursor is placed on it.

Below are the two strings, but be careful: simply moving the cursor over them can crash your Chrome.

Atteka’s 26 character String:

http://biome3d.com/%%30%30

16 character string:

http://a/%%30%30
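
Why both count as null-character strings: `%30` is the percent-encoding of the character `0`, so one decoding pass turns `%%30%30` into `%00`, and a second pass turns that into a NUL byte. The Python sketch below is an added example, not code from the original article or from Chrome; the function names, the `MAX_ROUNDS` cap and the `example.test` URLs are assumptions made for illustration. It decodes a URL layer by layer and reports the pass at which a NUL byte appears, a check an input filter can run before handing a URL to other code.

```python
from typing import List, Optional
from urllib.parse import unquote_to_bytes

MAX_ROUNDS = 5  # assumption: cap on decoding passes, chosen for illustration


def decode_layers(url: str, max_rounds: int = MAX_ROUNDS) -> List[bytes]:
    """Return the URL after 0, 1, 2, ... percent-decoding passes.

    Stops when a pass changes nothing (fixed point) or max_rounds is reached.
    """
    layers = [url.encode("utf-8")]
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers


def nul_depth(url: str) -> Optional[int]:
    """Number of decoding passes after which a NUL byte appears, else None."""
    for depth, layer in enumerate(decode_layers(url)):
        if b"\x00" in layer:
            return depth
    return None


def is_nested_encoding(url: str) -> bool:
    """True when more than one decoding pass still changes the URL."""
    return len(decode_layers(url)) > 2


if __name__ == "__main__":
    samples = [
        "http://a/%%30%30",            # 16-character string from the article
        "http://biome3d.com/%%30%30",  # 26-character string from the article
        "http://example.test/%00",     # constructed: NUL after a single pass
        "http://example.test/a%20b",   # constructed: ordinary encoded space
    ]
    for s in samples:
        print(f"{s!r}: layers={decode_layers(s)} nul_depth={nul_depth(s)}")
```

A depth of 2 for both strings from the article shows that the NUL only surfaces after a second decoding pass, so a filter that inspects the URL after a single pass sees the harmless-looking text `%00` rather than a NUL byte.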

While reporting the bug to Google, Atteka gave the following statement:

“It seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such.”

The string crashes not just the particular tab in which it is displayed but also crashes all the other open tabs. Skype faced a similar issue back in June when an 8 character string would crash it. The issue with Skype has now been resolved.

Although Atteka reported the bug to Google, Chrome is yet to receive a patch. The bug exists in Chrome for Windows and Mac, but Chrome for Android is unaffected by it. Similar issues with Chrome were reported earlier as well. In March this year, a similar bug was detected in Chrome for Mac and in April, it was detected in Chrome for Windows.
