New issue
Advanced search Search tips
Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 683314
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security

Blocked on:
issue 683314

Sign in to add a comment renders as a string resembling "" in the address bar

Reported by, Jan 31 2017 Back to list

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36

Steps to reproduce the problem:
1. Enter (or .com, etc.) in the address bar.
2. Be amazed as the URL in the address bar now resembles "" or "".
3. Refrain from registering your own "xn--e1auc7f" domain and starting a fake news site.

What is the expected behavior?
The address bar should show "" or the domain should be otherwise marked as potentially malicious.

The ".com" version is currently hosting fake news:

What went wrong?
The domain renders as еѕрп.net (that's *not* an "n" before the dot) in the address bar instead of, creating a large probability of confusion.

Did this work before? N/A 

Chrome version: 56.0.2924.76  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0

Blockedon: 683314
Components: UI>Browser>Omnibox UI>Security>UrlFormatting
This is a whole-script confusable string (all characters are Cyrillic);  Issue 683314 

Comment 2 by, Feb 1 2017

Mergedinto: 683314
Status: Duplicate

Thanks for reporting this bug. We are aware of this issue in  bug 683314 .
Project Member

Comment 3 by, May 10 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot

Sign in to add a comment