Browsers are complicated pieces of software, and sometimes the simplest things can trip them up. This week, a developer discovered that a simple string of 13 characters will instantly crash a tab in Google’s Chrome browser.
The problem doesn’t occur on Windows, nor does it occur in Safari on a Mac. If you’re using Chrome on a Mac, just click this link (Warning: For some, the tab showing this article also crashes when you click). That’s the bug report describing the issue.
To make sure everyone is on the same page, here’s an image of the 13 characters in question (they appear to be in Assyrian):
If you’re using Chrome for Mac and can’t load the page linked above, here’s the bug report’s description (it’s amusingly straightforward):
What steps will reproduce the problem?
1. Any page with [Removed so this article loads for everyone] will crash the Chrome tab on a Mac
2. Just create any dummy page with the Unicode characters, and the Mac Chrome tab will crash hard
What is the expected result?
Expect it not to crash
What happens instead?
We did some basic testing and it seems that the crash doesn’t always occur. In select cases when Chrome renders text differently, Mac users see 13 blank rectangles (▯▯▯▯▯ ▯▯▯ ▯▯▯▯▯) instead of the tab crashing, though they never see the proper characters.
The developer who found this gives two examples of how this bug could be abused: “This is pretty serious. You could imagine someone spamming this message in Hangouts/Gmail and just straight-up force crashing all Mac Chrome browsers. Someone could post this on Facebook, and force-crash all Mac Chrome browsers that saw it.”
Most popular online services load text differently to avoid such problems. That said, an attacker could certainly take advantage of the bug to wreak havoc and cause confusion.
While we were looking into this bug, the Chromium issue was marked as “Duplicate.” When we tried to load the original issue to find out more, we were greeted with an error:
The important part here is that Google is indeed aware of the problem. If it’s deemed serious enough, we expect it will be fixed in a future Chrome update for Mac.
We’ve reached out to Google for more information and will update you if we hear back.
Update on March 23: A Google spokesperson told VentureBeat that the Chrome team is working on a fix.