16 comments

[ 9.0 ms ] story [ 62.1 ms ] thread
This does indeed kill Chrome (v33 on OS X 10.9.2). Firefox copes fine, with the error message ssl_error_weak_server_ephemeral_dh_key.

Anyone know what's going on here?

Tried it out from the console using Chromium on Linux. It's a segfault of some form, though it unfortunately doesn't log anything else to the terminal before segfaulting.
Kills it on Windows 8 also. Chrome Version 33.0.1750.146 m
I'm sure there's a perfectly good reason why I clicked on a link that told me it would kill my browser...

Yes, killed Chrome 33.0.1750.146 m on Win7 here.

Maybe put a warning (something in the title) which tells that opening the page may cause our browser to crash? I thought it would open a page where the issue is discussed, not a page which directly crashes my browser. (HN hides the subdomain: demo.cmrg.net, therefore removing the only indicator showing that this is a demo)
(comment deleted)
Haha! Is there an actual link explaining the issue, not just the source? That's a fun demo.
That's quite annoying. It doesn't indicate that clicking this link kills Chrome rather than a disclosure piece about something that could kill Chrome. I'd be even more annoyed if this crashed and lost unsaved work.
Killed Google Chrome release 35.0.1862.2 Ubuntu unstable package too
That is very irresponsible.

Don't submit a direct link that crashes the whole browsers instead post a communication explaining the risks (also stop upvoting this!). It is also irresponsible since Google has a well publicized framework that enables responsible disclosure that this should have gone through first.

Wouldn't this potentially be eligible for an security award, and disclosing it this way negates that award?
Does not kill Chrome Version 27.0.1453.110 on Redhat 6.4

Instead says:

"Server has a weak ephemeral Diffie-Hellman public key This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all!

In this case the server needs to be fixed. Google Chrome won't use insecure connections in order to protect your privacy."

Did not kill chromium based epic browser.
(comment deleted)