New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 756977 link

Starred by 1 user
Status: Duplicate
Merged: issue 726950
Owner: ----
Closed: Aug 2017
Cc:
js...@chromium.org
mgiuca@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

Security: Chrome IDN domain spoof with unicode lao character

Reported by xis...@gmail.com, Aug 18 2017 
VULNERABILITY DETAILS
Chrome IDN domain spoofing with unicode lao character

VULNERABILITY DETAILS
Chrome Version: 60.0.3112.101 stable , 62.0.3189.0 canary ,60.0.3112.89(ios)
Operating System: Windows,macOS,IOS

REPRODUCTION CASE
https://www.xn--google-n6u.com (U+0ECD)
https://www.xn--google-g6u.com (U+0ECC)
https://www.xn--google-n5u.com (U+0EC8)
https://www.xn--google-g2u.com (U+0EB8)
https://www.xn--google-85u.com (U+0ECB)
spoof-(U+0ECB).png
35.2 KB View Download

Comment 1 by elawrence@chromium.org, Aug 18 2017

Cc: js...@chromium.org
Components: UI>Browser>Omnibox UI>Internationalization

Comment 2 by lgar...@chromium.org, Aug 23 2017

Components: -UI>Internationalization UI>Security>UrlFormatting

Comment 3 by ta...@google.com, Aug 23 2017

Mergedinto: 756866
Status: Duplicate (was: Unconfirmed)
I'm gonna close this as a duplicate of 756866. Thank you for discovering the problem in other character set.

Comment 4 by js...@chromium.org, Nov 14 2017

Mergedinto: -756866 726950
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 30 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by mea...@chromium.org, Oct 19

Labels: idn-spoof

Sign in to add a comment