Google Chrome latest build can be crashed with 16 characters
A new hack has been discovered which can crash Chrome latest version on Windows PCs. The hack was discovered by a Redditor, j3rry, can crash the latest build of Chrome even if someone hovers with mouse over the link.
The bug also affects latest versions of Opera while opening the special characters in Firefox causes the browser to load deformed url.
If you want to try out the bug just type out
“http://a/%%30%30”
into your browser address bar. However the bug does not affect Chrome on Mac PCs or on Android smartphones. Though some users have noted that the Chrome build on Android smartphones returns the dreadful ‘Aw! Snap’ error page.
The bug is caused to to incorrect handling of the parameters in the characters. Both %30 is decoded to 0, then is decoded to null, which then crashes Chrome.
The bug has been reported to the Google security team here. Even on this page, if you take your mouse towards where the specially crafted URL is given can crash your Chrome tab. Surprisingly my browser did not crash when I copy pasted the URL into this article.
VULNERABILITY DETAILS
Browser crashes
VERSION
Chrome Version: 45.0.2454.93 m
Operating System: windows
REPRODUCTION CASE
visit http://aaa.com/%%30%30
Kaynak : http://www.techworm.net/2015/09/chromium-hack-16-special-characters-can-crash-chrome.html
