New issue
Advanced search Search tips

Issue 664813 link

Starred by 2 users
Status: Duplicate
Merged: issue 664177
Owner: ----
Closed: Nov 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Get security/privacy/certificate related errors from trusted websites.

Reported by herbman...@gmail.com, Nov 13 2016 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36

Steps to reproduce the problem:
1. Enter "https://itunes.apple.com" or "https://www.amazon.com/" into the address-bar of chromium.
2. Hit Enter

What is the expected behavior?
Either website should load just fine.

What went wrong?
Instead of displaying https://itunes.apple.com Chromium displays a page that says:

> Your connection is not private
>
> Attackers might be trying to steal your information from itunes.apple.com (for example, passwords, messages, or credit cards). NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

Instead of loading https://www.amazon.com/ correctly, Chromium loads the website without images, js-files and css-files. For each file that is not loaded I get a "net::ERR_INSECURE_RESPONSE" Error in the console.

Did this work before? Yes I'm not sure. It worked until a couple of days ago.

Chrome version: 53.0.2785.143  Channel: n/a
OS Version: Mint 17.3
Flash Version: none

Both websites work fine with Firefox.
I already tried with reinstalling Chromium and deleting the config directory (~/.config/chromium).

Comment 1 by herbman...@gmail.com, Nov 13 2016 

This line is misleading:
> "Did this work before? Yes I'm not sure. It worked until a couple of days ago."

It should be:

"Did this work before?"
Yes

"What version did it work with?"
I'm not sure.

...

Comment 2 by rickyz@chromium.org, Nov 14 2016

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Mergedinto: 664177
Status: Duplicate (was: Unconfirmed)
Hi, thanks for your report! This looks like the same as  issue 664177 . According to https://sslmate.com/blog/post/ct_redaction_in_chrome_53, restarting Chrome should pick up a change that should work around this.

Comment 3 by herbman...@gmail.com, Nov 14 2016 

Hi, thanks for your response!

> "restarting Chrome should pick up a change that should work around this."

Restarting Chromium did not help. This is what I tried so far:

* Restart Chromium.
* Reinstall Chromium.
* Delete config dir (~/.config/chromium) and reinstall Chromium.
* Restart OS.
* Synchronize OS Time with timeserver.

No improvement.

Comment 4 by rickyz@chromium.org, Nov 14 2016 

Ah, I missed that you were running a distro-provided Chromium. I don't believe those will pick up the workaround we pushed out. Unfortunately, you'll need to wait for your distro to update Chromium (or use an official Chrome build) - sorry about that!

Comment 5 by herbman...@gmail.com, Nov 14 2016 

I see. No problem, I'm patient :)

Sign in to add a comment