This link will crash your Chrome tab

chrome_tab_crash
Gaming execs: Join 180 select leaders from King, Glu, Rovio, Unity, Facebook, and more to plan your path to global domination in 2015. GamesBeat Summit is invite-only -- apply here. Ticket prices increase on April 10th!

Browsers are supposed to be able to open hyperlinks — one could argue that’s their main purpose. This past weekend, developer and Reddit user jlblatt discovered he could create links that open in Google’s browser, but then instantly crash the tab.

To try it yourself, fire up Chrome 41 (the latest stable version) or older and click this link or this link. This bug is open for abuse, as jlblatt shows in his proof of concept: this Reddit thread crashes because of the content in the user-submitted post. Even worse, you can crash a Reddit thread just by posting such a link as a comment.

Here is the code for an example link that will crash your Chrome tab:

<a href=”http://Lorem ipsum Culpa labore qui culpa enim nostrud eiusmod ullamco anim in dolor consequat voluptate in in laboris consequat dolor occaecat minim aliqua quis id in Duis eiusmod amet id do ex do dolore dolor anim sit deserunt do.”></a>

We had to use html characters < and > above or Chrome users wouldn’t be able to open this article. Interestingly, using https instead of http is enough to avoid causing a crash.

This issue is bigger than the last Chrome tab crash bug, caused by 13 characters, because that one was limited to just Mac OS X. This one affects Windows, OS X, Chrome OS, as well as some Linux installations.

The good news is that this bug was reported last month (Chromium issue) and has since been fixed according to this Chromium code review. As a result, Chrome 42 and higher should no longer be affected (we did some basic testing and confirmed this appears to be the case).

For those interested in why this happens, Chrome is essentially running out of memory for the given tab. The fix is related to the DNS prefetch function, the renderer for which tries to send long hostnames to the browser.

We’ve reached out to Google for more information and will update you if we hear back. In the meantime, Chrome 42 is expected to arrive by the end of the month.

More information:

Powered by VBProfiles


VentureBeat’s VB Insight team is studying email marketing tools. Chime in here, and we’ll share the results.
More information:

Powered by VBProfiles

Leave a Reply

Your email address will not be published. Required fields are marked *