Security: Improper EV SSL Cert displays on site when redirected
Reported by j...@cyph.com, Sep 4 2016
Issue description
VULNERABILITY DETAILS
EV SSL certificate from redirecting website persists from URL redirect, i.e. the SSL cert from site one shows up as valid on site 2, even if the connection on site 2 isn't valid.
I have an extension (KB SSL) which forces SSL and might be related to reproducing the bug.
Not sure what other versions this is reproducible in.
VERSION
Chrome Version: Version 55.0.2846.4 canary (64-bit)
Operating System: Mac OSX 10.11.1
REPRODUCTION CASE
1. Force https (unknown if necessary)
2. Go to Twitter or another site with a URL redirect with https
   a. e.g. https://twitter.com/SpaceX/status/771871484167925761
   b. site may need invalid https cert
3. Click the outbound link which is redirected by t.co
Note that Chrome displays Twitter's EV SSL cert even when the redirect is finished and the user is on another site.
Dec 16 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vakh@chromium.org, Sep 4 2016
Status: Duplicate (was: Unconfirmed)