False malware alarms on local routed systems
Reported by
webde...@gmail.com,
Apr 25 2017
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Steps to reproduce the problem: 1. Create a webserver local 2. Put some random content 3. route some-malicious-reporting-site to your local website 4. Enjoy the false malware warning every time you visit it (Sum up: Just route a url that might have malicious content somewhere to a safe place and enjoy still the red screen) What is the expected behavior? No warning, since there is no malware. So check where the url ends up to be routed to on the specific client system and dont just check for the url content thats entered into the adress bar. What went wrong? Enter "local.musico.net" which is routed via hosts to localhost and get a get a false malware warning, when accessing my local site. Every time. Did this work before? N/A Chrome version: 57.0.2987.133 Channel: n/a OS Version: 10.0 Flash Version:
,
Apr 25 2017
How can it be intented, when the result must per definition be always false? The information gathered just doesnt apply to the target. So there is actually the WRONG INFORMATION taken into account.
,
May 3 2017
Yup, WAI. The domain name is a primary signal, regardless of what your local DNS gives as its IP. There can be many domains on one IP and many IPs for one domain (depending on load balancing or geolocation). If you have a specific and common use case where what you described is required, please reopen another bug. Thanks. |
||
►
Sign in to add a comment |
||
Comment 1 by elawrence@chromium.org
, Apr 25 2017Components: UI>Browser>SafeBrowsing
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug