New issue
Advanced search Search tips

Issue 747723 link

Starred by 2 users
Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug
Team-Security-UX

Blocking:
issue 392354



Sign in to add a comment

Certificate interstitial inexplicably disappears

Reported by ke...@vcsjones.com, Jul 23 2017 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Steps to reproduce the problem:
1. Open a site with a certificate interstitial due to a cert error (missing SAN)
2. Wait, click around.

What is the expected behavior?
The interstitial remains until dismissed or the tab is closed.

What went wrong?
The interstitial disappeared, showing the previous page.

Did this work before? N/A 

Chrome version: 59.0.3071.115  Channel: stable
OS Version: OS X 10.12.5
Flash Version: 

This happens only sometimes. It doesn't always happen immediately as it does in the video. Sometimes waiting will cause it to happen, other times clicking somewhere in the interstitial will cause it like the "Advanced" section.

Most often, it works as expected.

Extensions installed:
1. ldfbacdbackkjhclmhnjabngnppnkagh (moarTLS Analyizer)
2. cjpalhdlnbpafiamejdnhcphjbkeiagm (uBlock Origin)
3. The in-the-box Google Docs, sheets, etc.
certthing.mp4
165 KB View Download

Comment 1 by elawrence@chromium.org, Jul 23 2017

Components: UI>Browser>Interstitials

Comment 2 by est...@chromium.org, Jul 23 2017

Blocking: 392354
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: Available (was: Unconfirmed)
Weird. I've seen this happen before when you refresh while an interstitial is showing, but never spontaneously like this.

Removing security labels since going back doesn't really present a security risk to users. I'm going to lump this in to our interstitial refactor which we will hopefully be doing this quarter; not sure it makes sense to track this one down on its own.

Comment 3 by ke...@vcsjones.com, Aug 16 2017 

Thanks for taking a look!

I wasn't sure if someone smarter than me could figure out a way to abuse this, so I took the cautious road and marked this as a security bug.

Note that while I understand there are some... quirks... with the way interstitials are rendered, this issue for me is particularly frustrating because it can take me several or a dozen of attempts to actually work around the interstitial because it disappears.

I don't know why or if this is specific to me, but I can reproduce it across three different Macs, albeit in very similar configurations.

I hope this helps with the priority of re-examining interstitials. In the mean time, I am working to remedy the need for the interstitial in the first place.

Comment 4 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 5 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment