New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 616340 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Jun 2016
Cc:
kavvaru@chromium.org
rnimmagadda@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

URL bar spoof with wrong host badssl and 204 No Content

Reported by chromium...@gmail.com, Jun 1 2016 
Chrome Version       : 53.0.2753.0
OS                   : Win7

Lunch https://wrong.host.badssl.com then type on the omnibox https://www.google.com/csi and enter. As you can seems like you'd just be able to make the user think a victim site was untrustworthy, in this case a hypothetical attacker wouldn't have any control over the content of the page being displayed underneath the URL
screenshot.png
79.4 KB View Download

Comment 1 by kavvaru@chromium.org, Jun 1 2016

Cc: kavvaru@chromium.org
Labels: Needs-Feedback
Tested the issue on windows 7 using chrome version 51.0.2704.63 and canary 53.0.2753.0 with the below steps

1. go to URL  https://wrong.host.badssl.com
2. Type https://www.google.com/csi in omnibox
3.Press enter
4. Observed as like in screen cast

Please find the attached screen cast and provide us the expected and actual results to triage the issue form test team end.

Thanks,

Comment 2 by rnimmagadda@chromium.org, Jun 27 2016

Cc: rnimmagadda@chromium.org
Labels: -Needs-Feedback
Status: WontFix (was: Unconfirmed)
Due to lack of user response we are closing this issue for now. Please feel free to file a new issue if you come across this issue again.

Sign in to add a comment