I put a spell on URL: Crash Google Chrome with 16 characters

New magic words are a lot like old magic words, except they make the internet flail around and die. Put the URL below in the address bar of the latest version of Chrome and your browser will splutter and crash.

Abracadabra. Open sesame. Izzy wizzy, let’s get busy. http://a/%%30%30

Even mousing over the link will make Chrome dance the grim fandango (so we’ve kept the URL in plain text for your safety). If you’d like to try it out for yourself, you can copy and paste the link into your address bar.

We’ve tested the buggy URL in Chrome v45.0.2454.93 for both Windows and Mac, and in both cases the browser crashed. It’s also reported to affect Opera v32. Android’s Chrome seems to be okay, as do Safari, Internet Explorer and Firefox. The bug seems to be a denial-of-service vulnerability rather than a fully fledged security issue, but it could understandably cause problems for people.

What’s making this happen? The fault seems to be some old code in Chrome. Security researcher Andris Atteka, who discovered the bug, reported the issue to Chrome via the Chromium issue tracker and received this explanation in response:

“It seems to be crashing in some very old code. In the Debug build, it’s hitting a DCHECK on an invalid URL in GURL, deep in some History code. Given that it’s hitting a CHECK in the Release build, I don’t think this is actually a security bug, but I’m going to leave it as such.”
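
As an added example (not from the article or from Chromium): %30 is the percent-encoding of the character 0, so one decoding pass turns the path %%30%30 into %00, and a second pass turns that into a NUL byte. The JavaScript check below, with the hypothetical function names decodeOnce and inspectPath, flags paths whose decoding is not stable after one pass or that decode to control characters; it does not reproduce Chrome's code path, which the quote above describes only as a check on an invalid URL in GURL.

```javascript
"use strict";
// Added example: constructed check, not code from Chromium or the article.

// One tolerant percent-decoding pass. Valid %XX triplets are decoded and a
// stray '%' is left in place (decodeURIComponent would throw on it instead).
// Bytes are mapped to single code units, which is enough for this check.
function decodeOnce(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Decode repeatedly until the string stops changing, then report how many
// passes that took and whether the final form contains control characters.
function inspectPath(path, maxPasses = 8) {
  let current = path;
  let passes = 0;
  while (passes < maxPasses) {
    const next = decodeOnce(current);
    if (next === current) break;
    current = next;
    passes += 1;
  }
  const reasons = [];
  if (passes > 1) reasons.push("nested-percent-encoding");
  if (/[\x00-\x1f\x7f]/.test(current)) reasons.push("control-character");
  if (decodeOnce(current) !== current) reasons.push("decode-limit-reached");
  return { passes, decoded: current, reasons, ok: reasons.length === 0 };
}

// Sample inputs: the first is the path of the URL quoted in the article,
// the others are constructed for comparison.
for (const p of ["/%%30%30", "/a%20b", "/%2541", "/index.html"]) {
  const r = inspectPath(p);
  console.log(JSON.stringify(p), "passes:", r.passes,
    "decoded:", JSON.stringify(r.decoded), r.ok ? "ok" : r.reasons.join(","));
}
```

A server or proxy that stores or re-parses URLs can apply a check like this at the input boundary and reject any path that is not ok, so later components only see a single canonical form.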

Chrome-killing game

GitHub user Sean Zhu has already made a game from the bug, which you can play here. Use your cursor to follow the trail of bears. If you touch a “deadly tree”, your browser will crash. As you’d expect, the game only works (and breaks) on Chrome.

Skype was beset by a similar issue in June, with eight characters causing the service to crash if typed into the message box. Before this, Apple suffered from an iMessage bug, with a string of specific Unicode characters causing iPhones and iPads to crash.

Google hasn’t yet released a patch, but is working at getting one up as soon as possible. Expect to see a minor update to the browser soon. In the meantime, you can follow some developer discussion of the problem over at the Chromium bug-tracker site.
