Opening http://../foo on Android Chrome crashes the browser (Warning: or worse)

On XiaoMi phones at least, this is a system app (see: bloatware). That means you can&#x27;t clear its app data nor uninstall it, effectively bricking Chrome permanently.<p>The only thing you can do is uninstall the updates, which force resets its persistence, losing all of your stored data&#x2F;sessions.<p>If you&#x27;ve already done that... tough luck, I guess?<p>What an awful bug.

&gt; Chrome freezes and&#x2F;or crashes. Note: this is even worse if the URL was opened from an intent. In that case, Chrome can end up completely bricked because upon restart it will immediately attempt to re-open the URL that crashed it. I could not recover from this without having to fully &quot;Clear Storage&quot;.<p>You’re telling me Chrome does not have that feature where after a few failed attempts, the browser offers you to <i>not</i> open the websites from the previous session? Firefox has that.

When I open <a href="https:&#x2F;&#x2F;bugs.chromium.org&#x2F;p&#x2F;chromium&#x2F;issues&#x2F;detail?id=1252624" rel="nofollow">https:&#x2F;&#x2F;bugs.chromium.org&#x2F;p&#x2F;chromium&#x2F;issues&#x2F;detail?id=125262...</a> i get permission denied. Why am I getting &quot;Permission denied&quot; trying to view a bug?

Warning: if you do this on your Android phone at the moment, you may have to completely clean your Chrome application storage to be able to use the app afterwards.

I just did and the whole phone was frozen. I couldn&#x27;t force close Chrome, nor do a graceful power off. After 2 min, a notification came up that allowed me to finally close the browser.<p>Amazing how even after an army of contributors and a fairly old project still has bugs as trivial and yet significant as this one. It&#x27;s a regression, but even so.

Now to get some QR codes of that url printed on sticker paper...

Reminds me how in the first public release of Chrome you could crash the entire browser by typing % in the address bar.

Not sure what I expected. My poor tabs.

Surprised this wasn&#x27;t submitted or treated by Google as a security defect. I don&#x27;t think Google pays out for DoS typically, but considering how easily this can be weaponized, this one probably should&#x27;ve paid out.<p>Especially if the mechanism of the crash also allows for an RCE that hasn&#x27;t been discovered yet. Worth equipping fuzzers with the URL as a prefix.<p>Edit: They reclassified it as a security defect and restricted permissions on it after my comment directly on the bug.

Is &quot;foo&quot; used to mean any string, or is it literally only &quot;..&#x2F;foo&quot; that crashes it?

Strangely this bug does not seem to occur in incognito mode, at least on my phone.

Did this to Chrome on Android &amp; it crashed, but only for the first time. Subsequent requests simply took me to google search results instead of resolving the URL.

On older versions of Chrome just goes to google.com and searches for this string. That&#x27;s why i disabled automatic updates on my phone. Give me a changelog and i update. Bug fixes and performance improvements it&#x27;s not a changelog.

Works as expected on Brave (it&#x27;s Chromium based)

Not an issue in Bromite or GrapheneOS&#x27; Vanadium chromium fork.<p>edit: correction: it effects both. Incognito tabs aren&#x27;t affected.

doesn&#x27;t work for me on kiwi 94 (a fork of chrome)<p><a href="https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;pBtuwRW" rel="nofollow">https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;pBtuwRW</a><p>maybe you need to be not in incognito? i didn&#x27;t want to test out of it in case it actually bricks my browser

Doesn&#x27;t crash for me. Takes me to Google search.

My bet is on url parser in unsafe language