Issue 760623

Issue metadata

Status: Duplicate
Merged: issue 705778
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: chrome on android addressbar spoofing due to second level domain

Reported by ma7h1a...@gmail.com, Aug 30 2017

Issue description

AFFECTED PRODUCTS
--------------------
chrome 60.0.3112.107 android


DESCRIPTION
--------------------
Chrome on Android did not handle the second-level domain correctly,
so it could be spoofed by a crafted second-level domain.
Online demo: http://www.math1as.com/spoof.html with HTTPS lock.
fake.jpg and fake2.jpg show the spoof result.


SOLUTION
--------------------
Add "....." at the end of the address bar, as Chrome on Windows does.
 
Attachments:
fake1.jpg (90.4 KB)
fake2.jpg (89.5 KB)
Mergedinto: 705778
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 31 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
