Some of the built-in search engines that come with Chrome do not use SSL for the prediction service in the omnibox. Hijacking the connection and serving large responses will crash Chrome on Linux by running it out of memory. This only happens on Linux; on Mac OS, Android and Windows the request stops after consuming around 10-30 MB (still not a good thing, but not as bad as a crash). We didn't try testing on Android with a slow connection to see if the browser would hang while the download happens.
Search engines are defined in /src/components/search_engines/prepopulated_engines.json; two of the default ones (AOL and Ask.com) do not use SSL for US/English. We tested those.
The source of the bug seems to be in src/components/omnibox/browser/zero_suggest_provider.cc, lines 312-338, specifically:
There does not seem to be a limit on how large the response can be, although some sort of overall fetch protection seems to kick in on Mac OS, Android and Windows.
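The two missing checks the report points at, a plaintext suggest endpoint and an unbounded response body, as an added illustration (not Chromium's code): a scheme check for the suggest URL and a reader that stops accumulating once a fixed cap is exceeded. The 1 MiB cap, the function and class names, and the simulated download are assumptions for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <string_view>

// Cap on the suggest body (an assumed value; real payloads are a few KB).
constexpr std::size_t kMaxSuggestResponseBytes = 1 << 20;  // 1 MiB

// Only a TLS-protected suggest endpoint should be contacted: over plain HTTP
// an on-path party can substitute the response, as the report describes.
bool IsAcceptableSuggestUrl(std::string_view url) {
  return url.rfind("https://", 0) == 0;
}

// Accumulates a streamed body but refuses to grow past a fixed limit, so a
// hostile server cannot drive the browser process out of memory.
class BoundedBodyReader {
 public:
  explicit BoundedBodyReader(std::size_t limit) : limit_(limit) {}
  // False once the limit would be exceeded: the partial body is released and
  // later chunks are ignored, so the caller must abort the fetch.
  bool Append(std::string_view chunk) {
    if (overflowed_) return false;
    if (chunk.size() > limit_ - body_.size()) {  // no underflow: body_ <= limit_
      overflowed_ = true;
      std::string().swap(body_);
      return false;
    }
    body_.append(chunk.data(), chunk.size());
    return true;
  }
  bool overflowed() const { return overflowed_; }
  std::size_t bytes_buffered() const { return body_.size(); }
 private:
  std::size_t limit_;
  std::string body_;
  bool overflowed_ = false;
};

// Feeds total_bytes of constructed 'A' data in chunks, as a network stack
// would, and returns the peak number of bytes the reader ever held.
std::size_t SimulateDownload(BoundedBodyReader& reader, std::uint64_t total_bytes,
                             std::size_t chunk_size) {
  const std::string chunk(chunk_size, 'A');
  std::size_t peak = 0;
  while (total_bytes > 0) {
    auto n = static_cast<std::size_t>(std::min<std::uint64_t>(total_bytes, chunk_size));
    if (!reader.Append(std::string_view(chunk).substr(0, n))) break;
    total_bytes -= n;
    peak = std::max(peak, reader.bytes_buffered());
  }
  return peak;
}
```

With the cap in place a 5 GB response, like the fallocate'd file in the repro steps, is rejected after the first 1 MiB instead of being buffered until tcmalloc gives up.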
Chrome Version: 51.0.2704.106 (Official Build) (64-bit)
Operating System: Ubuntu 16.04
1. Install DNSMASQ:
sudo apt-get install dnsmasq
2. Install NGINX:
sudo apt-get install nginx
3. Modify the /etc/hosts file to add the following entries, mapping them to the IP of the local computer (varies by vendor of the phone):
4. Configure the /etc/dnsmasq.conf file to listen on that IP:
5. Restart DNSMASQ:
sudo /etc/init.d/dnsmasq restart
6. Use fallocate to create a file in "/var/www/html/":
sudo fallocate -l 5G query
7. Modify the DNS settings on the test machine, or on the same machine, to point to "192.168.1.x". If on the same machine, modify resolv.conf as follows:
8. Start Chrome, go to settings and choose "Ask.com" as the default search provider.
9. Open new tab and try to type something in the omnibox.
FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: browser
Crash State: the browser closes; the following log message appears when logging is enabled:
tcmalloc: large alloc 1073741824 bytes == 0x2d2b6ea56000 @
[17724:17761:0630/084551:FATAL:memory_linux.cc(36)] Out of memory.
Aborted (core dumped)