New issue
Advanced search Search tips

Issue 734181 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Sep 2017
Cc:
elawrence@chromium.org
nparker@chromium.org
mbarbe...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

URL Spoofing via Armenian mixed confusables

Reported by rayyan...@gmail.com, Jun 16 2017 
cnո.com ( http://xn--cn-ded.com/ )
yoսtube.com ( http://xn--yotube-qkh.com/ )

What's wrong?

Doesn't show in punnycode

More Info:

“ս” --> U+054D 

“ո” --> U+0578 Armenian Small Letter

Comment 1 by elawrence@chromium.org, Sep 6 2017

Components: UI>Browser>Omnibox UI>Internationalization
Summary: URL Spoofing via Armenian mixed confusables (was: URL Spoofing )
On what platform and version are you able to reproduce a problem?

These both show in Punycode in Chrome 61.

Comment 2 by nparker@chromium.org, Sep 6 2017

Labels: Needs-Feedback

Comment 3 by nparker@chromium.org, Sep 6 2017

Cc: nparker@chromium.org elawrence@chromium.org
Labels: -Needs-Feedback
Status: WontFix (was: Unconfirmed)
Ah weird, this bug was filed three months ago. I'm not clear on why it only now showed up on the security sheriff dashboard.

It's quite likely this was fixed since then.

Comment 4 by est...@chromium.org, Sep 6 2017

Cc: mbarbe...@chromium.org
+mbarbella who might know why this didn't show up on the sheriff dashboard
Project Member

Comment 5 by sheriffbot@chromium.org, Dec 14 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment