Google's Chrome browser can be crashed by typing in, clicking on, or even just hovering a mouse cursor over a 16-character link.

The flaw will either crash individual Chrome tabs or the whole Chrome browser. Discovered by security researcher Andris Atteka, it works by adding a null character into a URL, causing Chrome to crash instantly.


Atteka found a 26 character string could cause Chrome to crash, but VentureBeat pointed out that the browser could be crashed by typing in just 16. We've copied in the two offending URLs below. If you want to test out the bug for yourself, click them. If you don't want Chrome to crash, avoid them.

http://a/%%30%30

http://biome3d.com/%%30%30

The bug isn't a security vulnerability as it only exploits Chrome's inability to handle an invalid URL, but could become irritating if not fixed. Atteka said he had reported the bug to Google.


This isn't the first time Chrome has been tripped up by a seemingly innocuous string of characters. In April a similar bug caused Chrome to crash if it loaded any pages containing the troublesome URL or a link to it. Another bug reported in May crashed the Mac OS X version of Chrome using 13 characters.

And it isn't just Chrome affected by these flaws. A similar bug uncovered in Skype in June saw the Microsoft-owned chat app crash every time someone entered "http://:".

WIRED tested the latest Chrome bug and found that it crashed Chrome on Mac OS X and Windows, but not Chrome for Android. Google is aware of the bug and it is likely to be fixed with a minor update to its browser.