New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 735458 link

Starred by 2 users
Status: Duplicate
Merged: issue 683314
Owner: ----
Closed: Jun 2017
Cc:
mgiuca@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

Security: IDN allows spoofing in Omnibox

Reported by gnehs...@gmail.com, Jun 21 2017 
DESCRIPTION:
Multiple domain spoofing in Omnibox

VERSION
Chrome Version: Version 59.0.3071.109 (Official Build) (64-bit) stable
Operating System: Ubuntu 16.04.2 LTS

REPRODUCTION CASE

y໐utube.com (U+0ED0)
soհu.com (U+0570)
amazoո.com (U+0578)
baidս.com (U+057D)
գuora.com (U+0563)

Comment 1 by elawrence@chromium.org, Jun 21 2017

Components: UI>Security>UrlFormatting UI>Internationalization
Summary: Security: IDN allows spoofing in Omnibox (was: Security: Multiple domain spoofing in Omnibox)
All of these domains render in Punycode (breaking spoofing) in Chrome 61, indicating that this issue has been fixed. Likely dupe of  Issue 683314 .

Comment 2 by mmoroz@chromium.org, Jun 21 2017

Mergedinto: 683314
Status: Duplicate (was: Unconfirmed)

Comment 3 by gnehs...@gmail.com, Jun 22 2017 

elawrence@ still work in Chrome 61.

www.c໐nverse.com
www.skecհers.com
www.ոewbalance.com
www.pսma.com
Project Member

Comment 4 by sheriffbot@chromium.org, Sep 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by mea...@chromium.org, Oct 19

Labels: idn-spoof

Sign in to add a comment