Users that visit forums and read comments should be extra cautious when clicking links when browsing with Google's Chrome browser on both desktop and mobile. An issue with the browser causes it to crash when certain links are clicked or when the mouse hovers over it.
The bug was discovered by security researcher Andris Atteka who also reported the issue to Google. He found out that certain URLs crash the browser. The culprit is the so-called 'null' character. A Google developer writes about it, "This is annoying and we should fix it. The thing breaking here is we're trying to protect the browser process from malicious URLs containing NULLs and being a little too overaggressive."
A malicious link looks like http://aaa.com/%%30%30, http://a/%%300 or file:///%%300. Because these are not links, but simple text the don't crash the browser.
The issue is serious and could cause a lot of havoc, as Atteka writes, "Anyone can make any one's website vulnerable for Chrome by simply pasting the malicious URL to his site. That said, if an attacker pastes the malicious URL to a public forum or community website, it will crash the Chrome windows of every user out there."
Google has given the bug the highest priority and is working on a fix. The issue affected both desktop versions of Chrome as the Android version of the browser.
