Google Chrome can be crashed with just a small, apparently innocent web address.
Typing “http://a/%%30%30” into Chrome, or simply putting a mouse over a hyperlink to it, forces the browser to break and have to be re-opened. There doesn’t yet appear to be any fix.
The problem, found by a security researcher called Andris Atteka, has been reported to Google. The company has said that it is working on a fix.
The problem does not appear to threaten the security of the computer. It works only by forcing the browser to crash, rather than loading anything malicious, and so is annoying rather than dangerous.
It does mean that sending someone the link could force them to lose any work that they have unsaved in their browser. Chrome can re-open tabs and windows, but doesn’t by default save the information entered in text fields or anywhere else, so opening the link party way through writing a form could lead to losing all of that work, for instance.
The apparently innocent, but in fact very annoying, bug is similar to the “effective power” one that was found in iOS earlier this year. That string of text, when sent in a text message, made the phone grind to a halt — though it has now been fixed.
The bug has been fixed in Chromium, the open-source browser that Google gets the code for Chrome from. But it will have to make its way through the early versions of the application before it is actually added to the versions of Chrome that are used by normal people.
[amazon template=iframe image2&asin=B00VEB0F22][amazon template=iframe image2&asin=B0117H62QK][amazon template=iframe image2&asin=B01082CP4S][amazon template=iframe image2&asin=B00FB374Q4]