Published on March 22nd, 2015 📆 | 8304 Views ⚑0
Chromium Hack : special 13 character can crash Chrome Browser Tab on a Mac PC
hese 13 characters will crash your Chrome Browser tab on a Mac PC
No browsers are safe as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC.
The code is a 13 character special string which appears to be written in Assyrian script and is given below :
This code works only on Mac and that too only on Google Chrome. You can find the bug report about the same here. If you are a Mac user and using Chrome kindly do not click on the link.
Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Chrome Version : 41.0.2272.89 64 bit
OS version : 10.95
Behavior in Safari 3.x/4.x : Renders squares/doesn’t crash
Behavior in Chrome for Windows: Renders correctly
What steps will reproduce the problem?
1. Any page with ܝܘܚܢܢ ܒܝܬ ܐܦܪܝܡ will crash the chrome tab on a Mac
2. Just create any dummy page with the unicode characters, and the Mac Chrome tab will crash hard
What is the expected result?
Expect it not to crash
What happens instead?
This is pretty serious. You could imagine someone spamming this message in hangouts/gmail and just straight-up force crashing all Mac Chrome browsers. Someone could post this on Facebook, and force-crash all Mac Chrome browers that saw it.
The crash ID of the bug in chrome://crashes is d043b37f53c2436f and users have reported that in some cases it doesnt always crash Chrome but the 13 characters are shown as small rectangles. If you are using a old smartphone you will be familiar with these rectangles if someone sends you a smiley from a iPhone or latest Android smartphone. Apparently these small rectangles are shown when a obsolete system cant read the script. Even opening the code in Apple Safari throws up similar rectangles.
The bug looks to be small and inconsequential but in the right hands it can cause deliberate problems. Imagine if someone makes a tweet with this script or someone posts in on his/her Facebook timeline. All Mac users who use Chrome to view Twitter/Facebook will find their tabs crashing because of the code present in the content.
As Matt C puts it, “This is pretty serious. You could imagine someone spamming this message in Hangouts/Gmail and just straight-up force crashing all Mac Chrome browsers.”
PS : Opening this page in Google Chrome might as well crash your tab on Mac PC.