Issue metadata
Sign in to add a comment
|
User can be tricked by Phishing attack
Reported by
de.a...@gmail.com,
Feb 25 2017
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0 Steps to reproduce the problem: 1. Type the below url on Chrome browser http://yahoo.com&gibberish=1234@cnn.com 2. Chrome will parse it appropriately and open cnn.com url without any warning. 3. An attacker can trick victims by sites similar below: http://yahoo.com&gibberish=1234@eveil.com/some/malicious/urlname/ User will think the domain is yahoo.com What is the expected behavior? The user should get a warning that it can be a phishing trick ( Firefox is warning) What went wrong? An Phisher may trick a normal user by making him think that the URL domain is yahoo.com when actually he is opening evil.com Did this work before? N/A Chrome version: Version 56.0.2924.87 (64-bit) Channel: n/a OS Version: OS X 10.12 Flash Version: Shockwave Flash 24.0 r0
,
Jun 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by infe...@chromium.org
, Feb 25 2017