A string could be used to crash Google Chrome

It seems incredible, but, as already happened with Skype, it is possible to crash the latest version of Google Chrome with a simple, tiny URL.
The flaw was discovered last week by the expert Andris Atteka, who also filed a bug report.

So how can you crash Google Chrome? By adding a NULL char in the URL string:

http://biome3d.com/%%30%30

"Unfortunately no reward was awarded as this was deemed to be only a DOS vulnerability. Anyway, making secure software is much harder than finding issues in it. Thanks Google." wrote Andris Atteka.

Experts at The Register published an image of two URLs that could be used to crash Chrome. Users can kill their browser just by rolling the mouse over them in a page, launching them from another application such as an email client, or pasting them into the address bar.

The above URLs trigger a breakpoint rather than exploiting a buffer overflow vulnerability.

The two URLs work on Chrome 45.0.2454.93 on OS X El Capitan and Windows 10, and they also crash Opera 32.0, which is based on Chromium 45. The experts also noticed Chromebooks crashing when handling the URL, while Chrome on Android seems to be immune.

The Register provided a detailed analysis of the way the URLs crash the Chrome browser.

  • The %%300 at the end of the URL is converted into %00 (0x30 is the ASCII code for '0'. The %%300 becomes this string of characters: the original '%', the converted '0', and the original '0'. Combined, that's '%00'.) This sticks a NULL byte at the end of the web address.

  • This URL is passed to GURLToDatabaseURL() which calls ReplaceComponents().

  • This causes the URL to be processed again, hitting the NULL byte. It figures that shouldn't be there and marks the URL as invalid.

  • The code path returns to GURLToDatabaseURL() which expects the URL to still be valid, and calls spec() on it.

  • But the URL is invalid, which is unexpected, and so the function hits a DCHECK() that causes the software to bail out – even on the release build.

  • When hovering the mouse over the URL, the web address, which is marked as invalid, is sent to another part of the browser that expects valid-only addresses – causing the tab to be blown away.
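
The decoding step from the first bullet, as an added example: this is a simplified model written for this page, not Chromium's code, and `decode_once`, `classify` and `Verdict` are hypothetical names. It shows that one percent-decoding pass turns both `%%300` and the `%%30%30` tail of the URL above into `%00`, and that the NULL byte only appears when the result is processed a second time, so a check that runs once would not see it.

```cpp
// Added illustration: a simplified model of repeated percent-decoding,
// not Chromium's canonicalizer. All names here are hypothetical.
#include <cctype>
#include <cstdio>
#include <string>
#include <string_view>

// One left-to-right pass: "%XY" with two hex digits becomes that byte;
// any other '%' is copied through unchanged.
std::string decode_once(std::string_view in) {
    auto hex = [](char c) { return std::isxdigit(static_cast<unsigned char>(c)) != 0; };
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() && hex(in[i + 1]) && hex(in[i + 2])) {
            out.push_back(static_cast<char>(std::stoi(std::string(in.substr(i + 1, 2)), nullptr, 16)));
            i += 2;  // skip the two hex digits just consumed
        } else {
            out.push_back(in[i]);
        }
    }
    return out;
}

enum class Verdict { Stable, NulOnFirstPass, NewEscapeOnSecondPass, NulOnSecondPass };

// Decode twice and report whether the second pass sees something the first did not.
Verdict classify(std::string_view path) {
    const std::string first = decode_once(path);
    if (first.find('\0') != std::string::npos) return Verdict::NulOnFirstPass;
    const std::string second = decode_once(first);
    if (second == first) return Verdict::Stable;
    return second.find('\0') != std::string::npos ? Verdict::NulOnSecondPass
                                                   : Verdict::NewEscapeOnSecondPass;
}

int main() {
    // Constructed inputs: the two tails discussed on this page plus controls.
    for (const char* p : {"%%300", "%%30%30", "%00", "%2541", "/a%20b"}) {
        std::printf("%-8s -> once=\"%s\" verdict=%d\n", p, decode_once(p).c_str(),
                    static_cast<int>(classify(p)));
    }
    return 0;
}
```

A validator built on this idea would reject or re-canonicalize any input whose verdict is not `Stable` before passing it to code that assumes a valid URL.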

The Chromium team is currently working to fix the issue.