THERE'S NOTHING MORE alluring than a big red button that says "Do Not Touch", and this one is a doozy.If you type, "http://a/%%30%30" into Google Chrome, it will bork your browser rather spectacularly. We can see you reaching to launch Chrome now. Stop it. Really, you don't want to try it.
We did. It crashes your browser and anything connected to Chrome such as Hangouts.
Essentially, the bug is caused by adding a NULL character to a web address. It shouldn't work, but it does.
A bug report in Chromium with the audacious title "GURL re-canonicalization unescapes a second time, can invalidate previously-valid URL", submitted by Andris Atteka, appears to show the fault as being present in Chrome 45 and still crashing in current Canary builds.
Google has said that it is "working on a fix" but there seems to be some debate in the community as to what a fix looks like.
You'll notice we've not hyperlinked to the offending string either because even hovering a mouse over the characters will trigger the effect.
It's a mild inconvenience, essentially. There's no security risk, there's no permanent damage. But with web browsers being such a central part of the computing experience, a weakness like this is bound to raise questions as to what else can go wrong.
Chrome, as one of the biggest browsers on the planet, has to be seen to be stable, and so Google will want to ensure that this "feature" is fixed as soon as possible.
With it being non-security related, Atteka won't get the bug bounty that Google offers, just the satisfaction of knowing that there's millions of Chrome user who are slightly less inconvenienced as a result of his efforts.
Chrome news has been thin on the ground lately as Google's focus remains on the release of Marshmallow, set to be unveiled along with some new handsets on September 29th. µ
Cr : Chris Merriman / The Inquirer
ไม่มีความคิดเห็น:
แสดงความคิดเห็น