InduceBrowserCrashForRealz



  • While submitting a bug for Chrome, I found this one:

     http://code.google.com/p/chromium/issues/detail?id=73784

    Extensions shouldn't be able to crash the browser using about:inducebrowsercrashforrealz on the tabs API
    chrome.tabs.create({url: 'about:inducebrowsercrashforrealz'});

    Sure enough (and not surprisingly I guess) pasting<font face="courier new,courier"> about:inducebrowsercrashforrealz</font>  into the URL bar causes Chrome to crash immediately.  For Realz!!

    Works on the current 9.x release and everything since.  Haven't tried older versions but it appears they have been leaving unit testing code in Chrome for a while now.

    src/chrome/common/url_constants.cc

    // Use an obfuscated URL to make this nondiscoverable, we only want this to be used for testing.
    const char kAboutBrowserCrash[ ] = "about:inducebrowsercrashforrealz";

    src/chrome/browser/browser_about_handler_unittest.cc

    // Crash the browser process for about:inducebrowsercrashforrealz.
    GURL url(chrome::kAboutBrowserCrash);
    EXPECT_DEATH(WillHandleBrowserAboutURL(&url, NULL), "");

    I guess that  "make this nondiscoverable" part isn't working out so well.  Although I do like the fact that they have a function specifically for crashing the program called EXPECT_DEATH.



  • @El_Heffe said:

    src/chrome/common/url_constants.cc

    // Use an obfuscated URL to make this nondiscoverable, we only want this to be used for testing.
    const char kAboutBrowserCrash[ ] = "about:inducebrowsercrashforrealz";

    src/chrome/browser/browser_about_handler_unittest.cc

    // Crash the browser process for about:inducebrowsercrashforrealz.
    GURL url(chrome::kAboutBrowserCrash);
    EXPECT_DEATH(WillHandleBrowserAboutURL(&url, NULL), "");

    I guess that  "make this nondiscoverable" part isn't working out so well.  Although I do like the fact that they have a function specifically for crashing the program called EXPECT_DEATH.


    No, the EXPECT_DEATH does not crash the browser. It's a unit test code—it's checking that the browser did in fact crash.



  • I suggest Google's solution to this is if a malicious extension used this, instead of crashing the browser it would just rickroll the user.



  • @Bulb said:

    No, the EXPECT_DEATH does not crash the browser. It's a unit test code—it's checking that the browser did in fact crash.
    True, but, from what I can tell, the code is written so that calling EXPECT_DEATH with <font face="courier new,courier">about:inducebrowsercrashforrealz</font> as a parameter is deliberately designed to crash the browser.

    And I still think EXPECT_DEATH is a great name.



  • @El_Heffe said:

    True, but, from what I can tell, the code is written so that calling EXPECT_DEATH with <font face="courier new,courier">about:inducebrowsercrashforrealz</font> as a parameter is deliberately designed to crash the browser.

    Looks to me more like WillHandleBrowserAboutURL(&url, NULL) is deliberately designed to crash the browser.

    Also,

    @El_Heffe said:

    <font face="courier new,courier"&gt

    For how many years has <font> been marked deprecated now? Is that a You WTF, a CS WTF, an MS Word WTF or a TinyMCE WTF? And I'm sure there's people here who don't have either font installed.



  • @derula said:

    For how many years has <font> been marked deprecated now?

    [url=http://www.w3.org/TR/REC-html40-971218/present/graphics.html#h-15.2.2]13[/url].



  • @derula said:

    Also,

    @El_Heffe said:

    <font face="courier new,courier"&gt

    For how many years has <font> been marked deprecated now?

    Don't know. Don't care. It was a stupid decision, and, it's still supported by all browsers.

    @derula said:

    Is that a You WTF, a CS WTF, an MS Word WTF or a TinyMCE WTF? And I'm sure there's people here who don't have either font installed.
    The "advanced" editor here offers font choices, so it's whatever-the-advanced-editor-here-is-called WTF. Although personally I would consider someone not being able to display courier a bigger WTF. It's not like I used Comic Sans.



  • I'd rather see something in Comic Sans than in Courier. At least it's sans.

    It's rare that the use of a font that is not Bitstream, Lucida, or Consolas strikes me as an improvement over using one of those three, and those rare cases are usually in header-type situations.



  • Whatever is wrong with font-family:monospace? Edit: can you do that without CSS?



  • Actually just putting 'about:inducebrowsercrashforrealz' into the address bar will crash Chrome. Trust me on this.

    EDIT: Interestingly though, if you use it as a hyperlink, Chrome turns it into about:blank so no maliciousness possible.



  • @Flatline said:

    Actually just putting 'about:inducebrowsercrashforrealz' into the address bar will crash Chrome. Trust me on this.

    EDIT: Interestingly though, if you use it as a hyperlink, Chrome turns it into about:blank so no maliciousness possible.

    Are you trying to troll or did you not read the OP? If it's the former: your mom's better at trolling, if it's the latter:



    Picard facepalm



  •  I see that you use the thumbnail version of that image. Shirly you can find a bigger one?



  • @derula said:

    @Flatline said:
    Actually just putting 'about:inducebrowsercrashforrealz' into the address bar will crash Chrome. Trust me on this.

    EDIT: Interestingly though, if you use it as a hyperlink, Chrome turns it into about:blank so no maliciousness possible.

    Are you trying to troll or did you not read the OP? If it's the former: your mom's better at trolling, if it's the latter:



Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.