A very simple and effective vulnerability has been found in Google Chrome and in other browsers built on its engine. Adding just a few characters to the end of any link crashes the browser or one of its tabs. The link does not even have to be clicked; moving the cursor over it is enough. The bug is still not fixed.
Security researcher Andris Atteka discovered the DoS vulnerability in Chrome and described it in his blog, complaining that the vulnerability reward program unfortunately does not cover bugs of this kind.
The essence of this DoS vulnerability and of the exploit is very simple. If %%300 is added to the end of any link, the URL is converted to %00. 0x30 is "0" in ASCII, so %%300 is converted into the original "%", the converted "0" and the original "0". All together this gives %00, i.e. a NULL byte is added to the end of the link. The link then passes through GURLToDatabaseURL() and ReplaceComponents(). Because of the NULL byte the link is processed again, and the browser notices that something is wrong with the address and marks the URL as invalid. Control then returns to GURLToDatabaseURL(), which expects the link to be valid. The link is not valid, which trips a DCHECK(), and the program goes down with it.
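The decoding step described above, as an added example that is not from the original article or from Chromium: a lenient one-pass percent-decoder shows how %%300 collapses to %00, and a small check, of the kind a filter for user-submitted links could apply, flags URLs whose NULL byte only appears on a second decode. The names decodeOnce and classify are hypothetical, and the sample URLs are constructed.

```javascript
// Added example, not Chromium code. decodeOnce() is a hypothetical lenient
// percent-decoder: valid %XX triplets are decoded, a stray '%' is kept as-is.
// Bytes are mapped to code points one-to-one, which is enough for this check.
function decodeOnce(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Classify a URL by what repeated decoding does to it:
//   "nul"            - a literal %00 is already present
//   "hidden-nul"     - a NUL appears only when the URL is decoded a second time
//   "double-decodes" - the first pass leaves new escapes behind (e.g. %2520)
//   "ok"             - one pass reaches a stable form
function classify(url) {
  const first = decodeOnce(url);
  const second = decodeOnce(first);
  if (first.includes("\0")) return "nul";
  if (second.includes("\0")) return "hidden-nul";
  if (second !== first) return "double-decodes";
  return "ok";
}

// Constructed sample inputs; the first two use the pattern from the article.
const samples = [
  "http://a/%%30%30",
  "http://a/%%300",
  "http://example.test/a%20b",
  "http://example.test/a%2520b",
  "http://example.test/100%",
];
for (const u of samples) {
  console.log(classify(u).padEnd(15), JSON.stringify(decodeOnce(u)));
}
```

A filter that rejects "nul" and "hidden-nul" inputs before they are stored or rendered never passes the %%300 pattern on to a consumer that decodes the URL again.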
Caution: clicking the links below will crash your browser. Accidentally touching them with the cursor will terminate the tab.
A short and simple example of such a link: http://a/%%30%30. Only 16 characters and a complete crash of the browser. With the same success, %%300 or %%30%30 can be added to any address. For example: http://firefoxcvp.com/%%30%30
If such a link is not clicked and the cursor is only held over it, the browser does not crash, but the tab is terminated.
The bug affects Chrome, Opera on the same engine, Chromium, IE (an error message is displayed, the browser does not crash) and even Steam: the built-in browser hangs on one page, and only bypassing the client helps. According to users, Firefox does not crash. But a link ending in %%30%30 can be inserted at the end of forum posts in the form of a picture, using BB code. When a page with such a "picture" is visited, browsers will also crash.
Until Google's experts release a patch, users are having fun as best they can: a simple game has already been created on the basis of the bug. The player has to move the mouse over the bears without touching the trees. Touch a tree and the tab crashes.