Put the following URL in your browser and see the magic: http://a/%%30%30
Even mousing over the link will make Chrome dance the grim fandango (so I've kept the URL in plain text for your safety). If you'd like to try it out for yourself, you can copy and paste the link into your address bar.
I have tested the buggy URL in Chrome Version 45.0.2454.93 for Windows. It's also reported to affect Opera 32.0. Android's Chrome seems to be okay, as do Safari, Internet Explorer and Firefox. The bug seems to be only a denial-of-service vulnerability rather than a fully fledged security issue, but it could understandably cause problems for people.
What's making this happen? The fault seems to be some old code in Chrome. Security researcher Andris Atteka, who discovered the bug, reported the issue to Chrome via Chromium Issue and received this explanation in response:
“It seems to be crashing in some very old code. In the Debug build, it's hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it's hitting a CHECK in the Release build, I don't think this is actually a security bug, but I'm going to leave it as such.”
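One way a site that renders user-submitted links could screen for URLs shaped like the one above, as an added example that is not part of the original post or of Chromium's code. `inspectUrl`, `decodeOnce` and the finding names are hypothetical, and flagging the nested escape (`%%30%30` becomes `%00` after one decoding pass) is an assumption about what to look for; the post itself only says the URL is invalid in GURL.

```javascript
// Added example: screen user-submitted links for malformed or nested
// percent-escapes before rendering them. All names here are hypothetical.
const HEX_ESCAPE = /%[0-9A-Fa-f]{2}/g;
const STRAY_PERCENT = /%(?![0-9A-Fa-f]{2})/;
const MAX_PASSES = 5; // bound the loop on hostile input

// Decode every well-formed %XX exactly once; a stray '%' is left as-is.
function decodeOnce(s) {
  return s.replace(HEX_ESCAPE, (m) =>
    String.fromCharCode(parseInt(m.slice(1), 16)));
}

function inspectUrl(url) {
  const findings = [];
  if (STRAY_PERCENT.test(url)) findings.push("malformed-escape");

  // Keep decoding until the string stops changing. More than one pass
  // means an escape only appeared after an earlier decode.
  let current = url;
  let passes = 0;
  while (passes < MAX_PASSES) {
    const next = decodeOnce(current);
    if (next === current) break;
    current = next;
    passes += 1;
  }
  if (passes > 1) findings.push("nested-escape");
  if (current.includes("\0")) findings.push("nul-after-decoding");

  return { url, passes, findings, ok: findings.length === 0 };
}

// Constructed sample input: the URL from the post plus ordinary links.
const samples = [
  "http://a/%%30%30",
  "http://example.com/a%20b",
  "http://example.com/50%25-off",
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(r.ok ? "allow" : "flag ", JSON.stringify(s), r.findings.join(","));
}
```

Ordinary single-level escapes such as `%20` or `%25` pass; only a stray `%`, an escape that forms after an earlier decode, or a NUL byte in the fully decoded string is flagged.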