Why does the URL http://a/%%30%30 crash Google Chrome?
Tom Scott explains this in his YouTube video:
http://a/%%30%30
is decoded ashttp://a/%00
because%30
is0
http://a/%00
is then further decoded by another piece of code ashttp://a/<NULL>
because%00
is the NULL character
The bug was originally demonstrated by Andris Atteka who simply added a null character to the string.