A few weeks ago there was a link released to the public that could crash Google Chrome. It looks like this: http://a/%%30%30
Note that this URL does not crash other browsers like IE, Edge or Firefox due to the way those browsers handle the URL.
You cannot type certain characters into a URL, because they have special functions or are just unsupported. To make up for this, browsers understand a percent sign and a number after it as a character which it can decode to get the “real” URL. To understand why Google Chrome crashes, we must first decode the URL.
Decoding the URL
At the end of the URL is this: %%30%30 – %30 gets decoded to 0. It is the same 0 that you would type with your keyboard, and so, we have this: %00. If we decode it again, the %00 gets decoded to a NULL character, which is an invalid character for URLs.
Note that if you had just typed http://a/%00 the browser would detect it as an invalid URL and the bug would not work.
However with Google Chrome, before the decoder is run a second time, the URL is marked as a safe URL to use. Therefore, when Chrome tries to connect to that address, it fails and realises that the URL is invalid. This (for an unknown reason) causes Google Chrome to pop up a window saying “Something has gone terribly wrong here…” and kills Google Chrome.
When this URL was released to the public, I tested it with my browser that I am currently developing. My browser crashed as well. xD
I have fixed it if you were wondering 🙂
If you are reading this, the bug has already been fixed with Google Chrome. Chrome now changes the URL to http://a/%2500 to prevent crashes.