Blacklist the Superfish root and show custom interstitial
Issue description

Some users still have Superfish installed, sadly. The Superfish software uses SHA-1 signatures, which means these users are seeing ERR_CERT_WEAK_SIGNATURE_ALGORITHM interstitials on every HTTPS page load. The interstitial should be non-bypassable and should instruct the user how to remove the software and root (with a Help Center link for more information, though users will have to visit it on another device). We'll also blacklist the root SPKI in net/data/ssl/blacklist. This protects users who might have uninstalled the software but not the root, or users who might have SHA-1 allowed by policy.
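An added example, not part of the original issue or Chromium's code, showing why a block on the root's SPKI still matches when the same key is re-wrapped in a different certificate, where a whole-certificate fingerprint would not. It assumes the blocklist keys on SHA-256 of the DER SubjectPublicKeyInfo; the certificates are constructed, unsigned skeletons and every function name is hypothetical.

```python
import hashlib

def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, off):
    """Return (tag, value_start, end) of the DER element at buf[off]."""
    tag, length = buf[off:off + 2]  # ValueError if fewer than 2 bytes remain
    start = off + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_sha256(cert_der):
    """SHA-256 over the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, tbs_off, _ = read_tlv(cert_der, 0)          # Certificate
    _, off, tbs_end = read_tlv(cert_der, tbs_off)  # TBSCertificate
    fields = []
    while off < tbs_end:
        tag, _, end = read_tlv(cert_der, off)
        fields.append((tag, off, end))
        off = end
    if fields and fields[0][0] == 0xA0:  # optional explicit [0] version
        fields.pop(0)
    if len(fields) < 6:
        raise ValueError("not a certificate")
    _, start, end = fields[5]  # after serial, sigalg, issuer, validity, subject
    return hashlib.sha256(cert_der[start:end]).hexdigest()

def chain_is_blocked(chain_der, blocked_spki_hashes):
    # Block if any certificate in the presented chain carries a blocked key.
    return any(spki_sha256(c) in blocked_spki_hashes for c in chain_der)

def sample_cert(serial, key):
    """Constructed, unsigned certificate skeleton (not a real certificate)."""
    empty = der(0x30, b"")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + empty * 4 + der(0x30, key))
    return der(0x30, tbs + empty + der(0x03, b"\x00"))

root_a, root_b = (sample_cert(s, b"constructed-root-key") for s in (1, 2))
leaf = sample_cert(3, b"constructed-unrelated-key")
BLOCKED = {spki_sha256(root_a)}
```

Here `root_b` differs from `root_a` only in its serial number, so its certificate fingerprint changes while its SPKI hash, and therefore the block, does not.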
Jun 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab

commit 5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab
Author: estark <estark@chromium.org>
Date: Fri Jun 23 02:00:56 2017

Implement a skeleton of the Superfish interstitial

This CL adds SuperfishBlockingPage and SuperfishErrorUI classes to display the Superfish interstitial. SSLErrorHandler checks for the Superfish certificate fingerprint and uses a SuperfishBlockingPage (a subclass of SSLBlockingPage) when it's present. The strings displayed by SuperfishErrorUI are stubs for now; those will be filled in to match the mocks in a follow-up.

SSLBlockingPage is modified a bit to allow a subclass that uses its own subclass of SSLErrorUI. And SSLErrorUI is modified a bit to allow a subclass that uses special strings.

The certificate error report format is updated to report when the Superfish interstitial is shown (similar to how clock and captive portal interstitials are reported). Certificate reporting for the Superfish interstitial is missing a test; see https://crbug.com/735803 .

This is all gated behind the SuperfishInterstitial Finch feature.

BUG= 734590
Review-Url: https://codereview.chromium.org/2949003003
Cr-Commit-Position: refs/heads/master@{#481781}

[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/chrome/browser/ssl/ssl_blocking_page.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/chrome/browser/ssl/ssl_blocking_page.h
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/chrome/browser/ssl/ssl_browser_tests.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/chrome/browser/ssl/ssl_error_handler.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/certificate_reporting/cert_logger.proto
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/certificate_reporting/error_report.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/certificate_reporting/error_report.h
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials/core/BUILD.gn
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials/core/ssl_error_ui.cc
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials/core/ssl_error_ui.h
[add] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials/core/superfish_error_ui.cc
[add] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials/core/superfish_error_ui.h
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/components/security_interstitials_strings.grdp
[modify] https://crrev.com/5cbbc0943d80dbd7ba1e89694f921d61ff12e3ab/testing/variations/fieldtrial_testing_config.json
Jun 24 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4d972ec95d82f6a371eec0efad85815ae600489f

commit 4d972ec95d82f6a371eec0efad85815ae600489f
Author: estark <estark@chromium.org>
Date: Sat Jun 24 07:20:13 2017

Update Superfish interstitial strings

This adds clean-up instructions to the Superfish interstitial. Strings might get simplified still but this will give us something to start with. There's also a help center URL that needs to be subbed out for a short link when we have one ready.

BUG= 734590
Review-Url: https://codereview.chromium.org/2953963002
Cr-Commit-Position: refs/heads/master@{#482146}

[modify] https://crrev.com/4d972ec95d82f6a371eec0efad85815ae600489f/components/security_interstitials_strings.grdp
Jul 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/533ab462db62db67b3f4c25f6ed40b6497b4bed9

commit 533ab462db62db67b3f4c25f6ed40b6497b4bed9
Author: Emily Stark <estark@google.com>
Date: Mon Jul 10 22:23:12 2017

Blacklist the Superfish root certificate

The Superfish software causes certificate errors on every HTTPS page load starting in M57, because it uses SHA-1 signatures. We've decided to blacklist the root to prevent these errors from being bypassable and guide users into cleaning up their machines.

Blacklisting the root will also protect users who may have uninstalled the software but not the root, or for whom SHA-1 is allowed by policy.

BUG= 734590
Change-Id: I99d38b0d8940d52dfc3355b9ca3aa619ddfec3ee
Reviewed-on: https://chromium-review.googlesource.com/565747
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485422}

[modify] https://crrev.com/533ab462db62db67b3f4c25f6ed40b6497b4bed9/net/cert/cert_verify_proc_blacklist.inc
[modify] https://crrev.com/533ab462db62db67b3f4c25f6ed40b6497b4bed9/net/data/ssl/blacklist/README.md
[add] https://crrev.com/533ab462db62db67b3f4c25f6ed40b6497b4bed9/net/data/ssl/blacklist/b6fe9151402bad1c06d7e66db67a26aa7356f2e6c644dbcf9f98968ff632e1b7.pem
Nov 8 2017
I think this is already on stable, can we close it?
Comment 1 by srahim@chromium.org, Jun 19 2017