New issue
Advanced search Search tips

Issue 653779 link

Starred by 1 user
Status: Fixed
Owner:
est...@chromium.org
Closed: Oct 2016
Cc:
mea...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Security



Sign in to add a comment

Captive portal interstitial shows neutral (i) icon, not red triangle

Project Member Reported by est...@chromium.org, Oct 7 2016 
Version: 55.0.2882.0
OS: Mac OS X

What steps will reproduce the problem?
(1) Follow the instructions at https://gist.github.com/lgarron/5230cc1eebcc19385ed0 to trigger the captive portal interstitial.

What is the expected output?
Lock icon is red triangle... maybe?

What do you see instead?
Neutral (i) icon

See attachment.
Screen Shot 2016-10-06 at 11.20.05 PM.png
86.8 KB View Download

Comment 1 by est...@chromium.org, Oct 7 2016

Owner: mea...@chromium.org
Assigning to meacer to tell me if this is WAI or not.

I can see an argument for not showing a scary red triangle in this situation, but it's inconsistent with the bad clock interstitial which do show a red triangle.

If we want to fix this it's probably just a matter of implementing OverrideEntry in CaptivePortalBlockingPage.

Also note that you can't test this with chrome://interstitials, which always use (i) icons.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 7 2016

Labels: -Pri-3 Pri-2

Comment 3 by mea...@chromium.org, Oct 10 2016 

I'd be okay with this given that there is no way to proceed through this interstitial, but since bad clock also uses red triangle it makes sense to change it.

Comment 4 by est...@chromium.org, Oct 10 2016

Cc: mea...@chromium.org
Owner: est...@chromium.org
Yeah, that makes sense to me too -- I'll send you a CL.

Comment 5 by est...@chromium.org, Oct 10 2016

Labels: -Restrict-View-SecurityTeam -Security_Severity-Low -Security_Impact-Stable M-56 Security_Impact-None
Removing security labels since it's a non-overrideable interstitial, not really a security bug.
Project Member

Comment 6 by bugdroid1@chromium.org, Oct 10 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3e2553a9defa7bdf50be5d18f0cb8ce4ec539ad9

commit 3e2553a9defa7bdf50be5d18f0cb8ce4ec539ad9
Author: estark <estark@chromium.org>
Date: Mon Oct 10 22:25:34 2016

Show red lock icon on captive portal SSL interstitial

We were previously showing the neutral icon on captive portal
interstitials. This isn't that big a deal because the interstitial is
non-bypassable, but we should show a red/dangerous icon to be consistent
with the bad clock interstitial.

BUG= 653779 

Review-Url: https://codereview.chromium.org/2408713003
Cr-Commit-Position: refs/heads/master@{#424265}

[modify] https://crrev.com/3e2553a9defa7bdf50be5d18f0cb8ce4ec539ad9/chrome/browser/ssl/captive_portal_blocking_page.cc
[modify] https://crrev.com/3e2553a9defa7bdf50be5d18f0cb8ce4ec539ad9/chrome/browser/ssl/captive_portal_blocking_page.h
[modify] https://crrev.com/3e2553a9defa7bdf50be5d18f0cb8ce4ec539ad9/chrome/browser/ssl/captive_portal_blocking_page_browsertest.cc

Comment 7 by est...@chromium.org, Oct 10 2016

Status: Fixed (was: Assigned)
Project Member

Comment 8 by sheriffbot@chromium.org, Oct 11 2016

Labels: Restrict-View-SecurityNotify

Comment 9 by lafo...@chromium.org, Dec 9 2016

Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label
Project Member

Comment 10 by sheriffbot@chromium.org, Jan 17 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment