Watch out for this web link that crashes Safari

Scorpus


If you run into a link to a website called crashsafari.com, it's probably best not to click on it. As the website's name advertises, visiting the site crashes the Safari web browser on both desktop and mobile devices, and it's currently being shared across social media by a number of pranksters.

The website works by running JavaScript code that fills the address bar with an infinite series of numbers. Safari doesn't handle this particularly well, and will freeze on Mac, requiring you to force quit the browser. The website affects mobile devices running iOS as well, causing the browser to crash and, in some cases, the device to reboot.

Safari is affected the worst of all browsers, but the website does also have an effect on Chrome across all platforms. Loading the site in Chrome for Android, for example, causes device slowdowns and the browser to crash, but doesn't force the phone into rebooting itself.

The good news is that visiting this website causes no permanent damage to your device. After closing the web browser or rebooting your handset, everything should be back to normal, unless you decide to visit the website again for whatever reason.

So if you see a link to crashsafari.com, you can save yourself some minor trouble by not clicking on it. However, there is still a chance that you'll be tricked into clicking the link via a URL shortener, so it's a good idea to watch out for any suspicious shortened links you might be sent via social media.


 
Truth be told, this issue causes problems for both Firefox and Google Chrome. Yes, it has the name "safari" in it but it works on all major web browsers.

It appears to make Google Chrome and Firefox eat system RAM until you either kill the process manually or Windows gives you an "Out of Memory" error. Myself, I let Google Chrome play with the web site and RAM usage for Google Chrome quickly climbed to 12 GBs of usage. I killed the process tree in Process Hacker when the RAM usage hit 14 GBs.

I dug into the code of the page itself by using one of my HTTP reading tools that I have available to use. There's a JavaScript loop that runs 100 thousand times adding 100 thousand entries to your browser's browsing history using the JavaScript history.pushState() API. Basically it overloads the **** out of your browser.

Technically there's nothing malicious about the code that's being used, the only thing that makes the code malicious is that it attempts to overload your browser's browsing history by attempting to add so many entries that the browser just chokes under the load.

The JavaScript code used is simplistic in the implementation. The only way that I can think of that can be done to guard against this kind of thing happening again is to limit the number of times that a call to the history.pushState() API can be executed per page instance and if it exceeds that amount the script is automatically killed.

There are reports that this causes iOS devices to spontaneously reboot. My best guess is that it reboots from RAM exhaustion, more than likely the system kernel panics and reboots the device. There's a good chance that the same thing will occur on Android devices as well. For those that don't know, a kernel panic in Linux parlance is the same as a BSOD on Windows.
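
The call limit proposed in the comment above, sketched as an added example that is not part of the original thread or of the site's code: a wrapper that caps `history.pushState()`/`replaceState()` calls per time window and throws once the cap is reached. The function names, the limit of 100 calls per 30 seconds and the fake history object are assumptions made for illustration; a real defence of this kind belongs inside the browser itself.

```javascript
// Added illustration: cap history.pushState()/replaceState() calls per time window.
// installHistoryLimiter, maxCalls, windowMs and the limits used are hypothetical.
function installHistoryLimiter(historyObj, { maxCalls = 100, windowMs = 30000, now = Date.now } = {}) {
  const stamps = [];            // timestamps of accepted calls in the current window
  let blocked = 0;              // rejected calls, useful for telemetry

  function guard(name) {
    const original = historyObj[name].bind(historyObj);
    historyObj[name] = function (...args) {
      const t = now();
      // Drop timestamps that have fallen out of the sliding window.
      while (stamps.length && t - stamps[0] >= windowMs) stamps.shift();
      if (stamps.length >= maxCalls) {
        blocked++;
        // Throwing aborts the calling loop instead of silently ignoring it.
        throw new Error(`${name} rate limit exceeded: ${maxCalls} calls per ${windowMs} ms`);
      }
      stamps.push(t);
      return original(...args);
    };
  }
  guard('pushState');
  guard('replaceState');
  return { stats: () => ({ accepted: stamps.length, blocked }) };
}

// Constructed stand-in for window.history so the example runs outside a browser.
function makeFakeHistory() {
  const entries = [];
  return {
    entries,
    pushState(state, title, url) { entries.push(url); },
    replaceState(state, title, url) { entries[Math.max(entries.length - 1, 0)] = url; },
  };
}

// Replays the kind of loop described in the post against the limiter.
function simulateFlood(iterations, limits) {
  const fake = makeFakeHistory();
  let clock = 0;                // fake clock: the whole flood happens at t = 0
  const limiter = installHistoryLimiter(fake, { ...limits, now: () => clock });
  let thrown = null;
  try {
    for (let i = 0; i < iterations; i++) fake.pushState(null, '', String(i));
  } catch (e) { thrown = e; }
  clock += limits.windowMs;     // once the window has passed, normal use works again
  fake.pushState(null, '', '/next');
  return { entries: fake.entries.length, thrown: thrown !== null, stats: limiter.stats() };
}
```

With the cap in place, a 100,000-iteration loop adds only the first 100 entries before the exception stops it, and ordinary navigation resumes after the window expires.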
 