Crash Chrome with this link: http://a/%%30%30


Tom Scott, a master wiz in all thing tech and programming explains why the Chrome browser crashes when you insert http://a/%%30%30 in the browser’s address bar. It all boils down to what can the browser “understand”, ie decode, from the sequence of characters in that URL.

For example, %30 is translated to number 0 because the % sign means that the characters are encoded. Then you will see that the browser interprets the URL as being this:
http://a/%00

Since we still have a % sign in the URL the browser decodes %00 to NULL.

So, initially Chrome marks the http://a/%00 URL as being safe to use and good to go, then it will send the URL to a function which decodes the URL again resulting http://a/NULL. Now the function sees that the URL is invalid and then sends it back to the browser which knows the URL is fine. It’s like and infinite loops which will finally crash the browser.

No comments yet... Be the first to leave a reply!