WingNews logo WingNews GitHub [2]
top | item 7341014

This URL crashes Chrome/Chromium

24 points| reirob | 12 years ago |demo.cmrg.net | reply

33 comments

order
[+] Robin_Message|12 years ago|reply
Flagged. That's pretty annoying reirob; I assumed that would be a link to an article about the URL, since just crashing my browser was obviously a bad thing to do.

Question to downvoters: You don't ever click down the list of Hacker News submissions without thinking too hard first, or you don't think crashing my browser (and losing any state I had in them) is annoying?

[+] reirob|12 years ago|reply
Well, I have got it from Fefe's blog [1] directly as the link. I tried it out before submitting, i.e. I opened a Chromium browser and put the link. The title says what it does - I do not think it is link bait. And Fefe's blog gives as explanation (rough translation from German): The TLS handshake of this site kills Chrome browser.

I too want to know what goes on and I actually think that HN IS the place to submit this kind of bugs.

[+] Grue3|12 years ago|reply
You shouldn't be using an insecure browser such as Google Chrome in the first place.
[+] aurumpotest|12 years ago|reply
...I didn't think that one through.
[+] millerc|12 years ago|reply
Well... nobody can say the title is misleading.
[+] pgrote|12 years ago|reply
I didn't try it in Chrome, but in Firefox I get the following. Is that right?

Secure Connection Failed

An error occurred during a connection to demo.cmrg.net. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
[+] willvarfar|12 years ago|reply
Anyone explain what it does to chrome?

I'm using chrome on android, and it doesn't crash and the lock icon info doesn't show anything that jumps out as wrong.. ?

[+] JetSpiegel|12 years ago|reply
Firefox says

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

[+] double051|12 years ago|reply
(Error code: ssl_error_weak_server_ephemeral_dh_key)
[+] JetSpiegel|12 years ago|reply
Both links and wget don't complain though.
[+] barrkel|12 years ago|reply
It didn't crash Chrome for me, but that's because I was using an out of date version.
[+] artimaeis|12 years ago|reply
IE11 gives a page can't be displayed. Investigating console reveals "code on this page disabled back and forward caching".
[+] benbristow|12 years ago|reply
I thought the process-per-tab thing was meant to stop this sort of thing from taking the whole browser down.
[+] pritambaral|12 years ago|reply
That helps when the website code itself is malicious/broken. This crash is due a bug in the underlying TLS code itself. I don't think TLS is sandboxed or separated-per-tab, nor should it expectedly be.
[+] BESebastian|12 years ago|reply
I'm not entirely sure what I expected when I clicked this.
[+] ambrop7|12 years ago|reply
Crashed Chromium 33.0.1750.117 x86_64 built on Gentoo.
[+] dmarlow|12 years ago|reply
Fell for it. I see what you did there...
[+] Shorel|12 years ago|reply
Opera 12 shows a big warning dialog warning the user that the site uses outdated and unsafe encryption.
[+] owenversteeg|12 years ago|reply
It didn't crash Chromium for me. Arch Linux, Chromium 28.
[+] pritambaral|12 years ago|reply
Seems like a regression in the latest (33).
[+] uslic001|12 years ago|reply
Crashed Chrome Version 33.0.1750.146 m on Windows 8.0.