This 16-Character Link Crashes Google’s Chrome Browser

There are a number of ways to crash your Web browser. Just open tons of tabs and it is likely to give up after a certain point. Try installing too many extensions and the browser will suddenly start to get unresponsive. But if you use Chrome Web browser, it turns out there is a simpler way to crash it. Just enter in a specific 16-character string in the address bar of Chrome and it will disappear as if it saw a ghost.

Entering in the following 16-character link “http://a/%%30%30” (without the quotes) crashes Chrome. The bug, first discovered by Andris Atteka, allows a user to crash Chrome by adding a null character to a URL. Atteka devised a string of 26 characters that could crash Chrome. Folks at VentureBeat reduced it by 10 characters and it still works.

Atteka, who has informed Google about the bug in the Chromium tracker, noted that it’s not a security issue. “It seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such,” he explains.

While it’s comforting to know that there isn’t any security complication attached to it, it’s still annoying considering even hovering the cursor over the link can crash the tab. The bug affects Chrome clients for Mac and Windows. In our brief testing, Chrome for Android and iOS were unaffected with the bug. Google is yet to patch the issue.