Issue 658602 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 658139
Owner:	----
Closed:	Oct 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Url obsfucation in chrome for android & desktop

Reported by whitehat...@gmail.com, Oct 23 2016

Issue description

http://www.mysite.com:login.html@example.com

This url redirects to example.com

This may lead to tricking a user into phishing attack

Comment 1 by elawrence@chromium.org, Oct 24 2016

Mergedinto: 658139
Status: Duplicate (was: Unconfirmed)

Acceptance of (non-standards-based) userinfo in HTTP(S) URLs is "Working-as-intended" behavior. The browser omnibox hides the userinfo component as a measure to mitigate spoofing attacks.

Project Member

Comment 2 by sheriffbot@chromium.org, Jan 30 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 658602 link

Issue metadata

Security: Url obsfucation in chrome for android & desktop

Issue description

Comment 1 by elawrence@chromium.org, Oct 24 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Jan 30 2017

Comment 2 Deleted

Sign in to add a comment