Jake Charman

Resident Geek of Nitrous Junkie Racing

How crashchrome.com Works In Far Too Much Depth…

Tue 26 Jan 2016

So, there have been these sites around for a while that serve no purpose other than to crash your browser.

Now, many people would think that the web browser has been around long enough for this sort of thing to be impossible, and to an extent that is true. In the current version of Chrome each tab runs as its own process, so a site like this will only crash one tab and the OS and other tabs are left unharmed. Firefox has the same sort of protection, but it's not implemented quite as well.

Sites like crashchrome.com (crashfirefox.com is, for some reason, the exception) take advantage of a newer browser feature, history.pushState, which allows web apps to write entries to the browser history. It was designed primarily so that single page apps could make the back button work. The actual code that crashes the browser is remarkably short:

var total = "";
for( var i = 0; i < 100000; i++ ) {
    // Append the counter to the string, then push the ever-longer string as a new history entry
    total = total + i.toString();
    history.pushState(0, 0, total);
}

What this very simple script does is create a variable called 'total' and assign it an empty string. The for loop then creates a counter 'i' with the value 0 and runs the code between the curly brackets for as long as 'i' is below 100000, incrementing 'i' on each pass, so the body effectively runs 100000 times. In some old browsers a long or infinite loop (while(true){}) was enough to crash them, but modern browsers need a little more. The code inside the loop appends 'i' to the end of 'total'. Because 'total' is a string, 'i' is converted to a string before it is joined on rather than being added arithmetically. The ever-longer value is then pushed onto the browser's history as a brand new entry, so the browser has to keep every one of those URLs, not just the latest.
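To see how fast this grows without actually crashing anything, here is an added example (my own code, not the script from crashchrome.com). It tracks the length of 'total' and the combined size of all the history entries instead of calling the real History API, and it also shows a guarded version of the same loop that stops before the URL gets out of hand. The cap of 2000 characters is an arbitrary value chosen for the example, the fake history object is a stand-in for window.history, and the memory model (one full copy of the URL kept per entry) is an assumption about what the browser stores.

```javascript
// Added example, not part of the crashchrome.com script.
// Runs under Node.js or in a browser console. In a browser you can pass
// window.history to runCappedLoop(); here a fake history object is used so
// nothing is actually pushed onto the real history.

// Reproduce the growth of `total` and of the history stack by tracking
// lengths only. Assumption: every pushState call keeps its own full copy of
// the URL, so the history holds the sum of all URL lengths pushed so far.
function historyGrowth(iterations) {
  let urlLength = 0;        // length of `total` after appending i
  let totalStoredChars = 0; // sum of the URL lengths of every entry pushed
  for (let i = 0; i < iterations; i++) {
    urlLength += String(i).length; // total = total + i.toString()
    totalStoredChars += urlLength; // history.pushState(0, 0, total)
  }
  return { finalUrlLength: urlLength, totalStoredChars };
}

// A stand-in for window.history that records entries instead of creating them.
function makeFakeHistory() {
  return {
    length: 0,       // number of entries pushed
    storedChars: 0,  // characters held across all entries
    pushState(_state, _title, url) {
      this.length += 1;
      this.storedChars += url.length;
    },
  };
}

// Guarded variant of the crashing loop: only push while the URL stays within
// maxUrlLength characters, and treat an exception from pushState (some
// browsers reject very long URLs) as a reason to stop rather than to keep
// hammering the history. Returns the number of entries actually pushed.
function runCappedLoop(hist, iterations, maxUrlLength) {
  let total = "";
  let pushed = 0;
  for (let i = 0; i < iterations; i++) {
    total = total + i.toString();
    if (total.length > maxUrlLength) break; // the original script never checks this
    try {
      hist.pushState(0, 0, total);
      pushed += 1;
    } catch (e) {
      break;
    }
  }
  return pushed;
}

// Usage: both calls are cheap because no real history entries are created.
const growth = historyGrowth(100000);
console.log("final URL length:", growth.finalUrlLength);        // 488890
console.log("characters across all entries:", growth.totalStoredChars); // 23939749495
console.log("entries pushed with a 2000 char cap:",
  runCappedLoop(makeFakeHistory(), 100000, 2000));               // 703
```

The numbers explain the crash: the last URL alone is nearly half a million characters, and because the browser keeps a separate entry for each of the 100000 pushes, the entries together come to roughly 2.4×10^10 characters, tens of gigabytes, which is far more than a phone or a browser tab can hold. The capped loop stops after 703 pushes, well before any of that happens.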

To understand why this works we need to know about variable types. Different types of variable are affected by the same operator in different ways. For example, in C#:

//Create a string with no value
string Foo = null;

//Create an integer with the value 0
int Bar = 0;

//Assign some values
Foo = "1";
Bar = 1;

//Conduct some operations
Console.WriteLine(Foo + Foo);
Console.WriteLine(Bar + Bar);

Our output in this example would be:

>> 11
>> 2
This works because strings cannot be added arithmetically, so '+' means append (concatenate) in this context. In the same way, I could write:

//Create some strings
string Foo = "The quick brown fox jumps "; // trailing space so the words don't run together
string Bar = "over the lazy dog";

//Append and print the strings
Console.WriteLine(Foo + Bar);

And I would get

>> The quick brown fox jumps over the lazy dog

So in our browser crash, the string 'total' gets gradually longer until the browser and the OS simply can't cope. Bear in mind that the browser is asked to keep a separate history entry for every one of the 100000 URLs, so you end up with gigabytes of data in RAM being handed to the browser's history (the final URL alone is nearly half a million characters, and if every entry keeps its own copy the entries together add up to roughly 2.4×10^10 characters). This is why iPhones reboot because of this script. They only have 512 MB of RAM, which soon fills up, so the OS quickly realises something is horribly wrong and reboots in a last ditch effort to solve the problem.