Marc-Antoine, can you take care of this please?

 Issue 603609  has been merged into this issue.

I'll do it... I'm there now...

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ff7b8097333f0abd117606334dc925b09a2b247f

commit ff7b8097333f0abd117606334dc925b09a2b247f
Author: mad <mad@chromium.org>
Date: Wed Apr 20 19:39:45 2016

Explicitly use HTTPS to download the CCT binary

TBR=mattm@chromium.org
BUG= 598752 

Review URL: https://codereview.chromium.org/1908613002

Cr-Commit-Position: refs/heads/master@{#388555}

[modify] https://crrev.com/ff7b8097333f0abd117606334dc925b09a2b247f/chrome/browser/safe_browsing/srt_field_trial_win.cc

does this need a merge?

This was already reported internally before the external report in  issue 603609  so I'm passing this to the VRP panel to decide if we can reward this or not.

wfh@ does it mean no reward for my  issue 603609 ? 

re: #7 that will be up to the VRP panel to decide.

[Automated comment] Request affecting a post-stable build (M50), manual review required.

Your change meets the bar and is auto-approved for M51 (branch: 2704)

OS-Windows by the looks of it.  Up to the desktop folks.

Before we approve merge to M50, Could you please confirm whether this bug is baked/verified in Canary and safe to merge? 

Please merge your change to M51 branch 2704 before 5:00 PM PST Monday (04/25/16) so we can take it for next week M51 Beta candidate cut. Thank you.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e2cb81025e77fc6ba0b8c0019a34d44aa8f9a00e

commit e2cb81025e77fc6ba0b8c0019a34d44aa8f9a00e
Author: Marc-Andre (MAD) Decoste <mad@google.com>
Date: Mon Apr 25 21:11:32 2016

Explicitly use HTTPS to download the CCT binary

TBR=mattm@chromium.org
BUG= 598752 

Review URL: https://codereview.chromium.org/1908613002

Cr-Commit-Position: refs/heads/master@{#388555}
(cherry picked from commit ff7b8097333f0abd117606334dc925b09a2b247f)

Review URL: https://codereview.chromium.org/1919043002 .

Cr-Commit-Position: refs/branch-heads/2704@{#229}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/e2cb81025e77fc6ba0b8c0019a34d44aa8f9a00e/chrome/browser/safe_browsing/srt_field_trial_win.cc

About the merge to M50, this bug is baked/verified in Canary and safe to merge.

But there's another discussion about on duplicate  issue 603609  where the security severity label was set to low (as I just did on this bug) so it might not be important enough to merge up to stable.

Opinions?

FWIW, we don't merge Sec-Sev-Low to stable, so this can roll in with the initial M51 release unless there's a strong objection.

Updating labels for M-51. If you want this to go in an M-50 patch, remove the "release" label and please add "Merge-triage"

Tim - Thanks for the reward could you please credit me as "Khalil Zhani" not "jackwillzac"and Cc "chromium.khalil@gmail.com" as the right reporter.

Updated:

As you've already seen, the reward was $500 :) CVE-ID is CVE-2016-1693.

I'll add your payment into next wee's payment process. Thanks Khalil (and I'll note this email address as yours for future reference)

Also, just to note that we'd usually not reward this issue as your report is a duplicate of an existing issue. That said, we used our discretion to pay you anyway as your report sped up the resolution and brought more attention to this issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot