When the duplicate infobar pops up, it asks "Do you want to download %URL again?". If %URL is large, it will elide by inserting an ellipsis in the middle. Unfortunately, scammers can use this to obscure the true domain of a page.
Existing utilities for securely eliding a URL don't exist on Android.
The security impact of this is limited because elsewhere in the UI we display the true origin of download.
Split off from Issue 657341
|
Deleted:
screenshot-070c55b9-20161209T112836.png
78.1 KB
|
|
screenshot-070c55b9-20161209T112836.png
78.1 KB
View
Download
|
|
|
Deleted:
screenshot-070c55b9-20161209T112903.png
722 KB
|
|
screenshot-070c55b9-20161209T112903.png
722 KB
View
Download
|
|
Comment 1 by dewittj@chromium.org
, Dec 9 2016