New issue
Advanced search Search tips

Issue 658602 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 658139
Owner: ----
Closed: Oct 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Url obsfucation in chrome for android & desktop

Reported by whitehat...@gmail.com, Oct 23 2016

Issue description

http://www.mysite.com:login.html@example.com

This url redirects to example.com

This may lead to tricking a user into phishing attack
 
Mergedinto: 658139
Status: Duplicate (was: Unconfirmed)
Acceptance of (non-standards-based) userinfo in HTTP(S) URLs is "Working-as-intended" behavior. The browser omnibox hides the userinfo component as a measure to mitigate spoofing attacks.

Project Member

Comment 2 by sheriffbot@chromium.org, Jan 30 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment