browser crash !

Status
Not open for further replies.

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
Does crash my Chrome Version 47.0.2508.0 dev-m (64-bit) even when just hovering over the link o_O
 

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,017
217
Not working

Tried on

Chrome 45.0.2454.93(Official Build)m(32-bit)
Mozilla Firefox 40.0.3
 
U

User_418

Chrome/Chromium-based (some Linux builds aren't affected)
When you insert a link in adress bar and press Enter - it crashes.
When there's a link somewhere on the page, page crashes after howering on it.
Opera
When there's a link somewhere on the page, page crashes after howering on it.
IE
Error message, but no crash.
Firefox
No errors, no crash. Version is 40.0.2.
Steam
When you insert a link in adress bar and press Enter - page freezes.

Mobile versions are also affected. Also works with
Code:
[img][/img]
tags and similar (all pages of that side crashes when opened in one browser). Doesn't work on IPBoards.

 
Last edited by a moderator:

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
I wonder if it has something to do with the value 0. The %30 represents a url encoded 0 character. Perhaps it reads it as a null, which in turn would trigger a null value --- when it actually wanted a 0 value, so in summary: Basically a nullbyte DoS. The only issue, it crashes just a single tab in my browser. It would be cooler if it crashed the whole browser, still pretty damn awesome though. ;)

Thanks for sharing man, good work.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
http://bit.ly/1Pfyy9z
Just give this a click, I did some magic. ;)
You might have to wiggle your mouse a little.
It actually does seem to fuck up tabs in a weird way --- damn, lol. :eek:

Keep an eye on the processor usage, it goes a bit spastic when you click the link. I'm wondering if something more could be accomplished using this. Perhaps attempting to write something into the URL for example --- get it to run. o_O

Someone should look into this a little more, if this is vulnerable in any way to execution --- you could literally send someone a link to a website and infect people in Chrome and I'm sure other browsers. This is definitely a problem developers probably overlooked, scary.
 
Last edited:
Status
Not open for further replies.
Top