New issue
Advanced search Search tips

Issue 775447 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Oct 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: google.co.il/index.html? is not secure by ssl no encryption

Reported by kobi19...@gmail.com, Oct 17 2017

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
hi
the url www.google.co.il/index.html? is not secure by ssl
there is no encryption.
my user already log in - 


VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]


 
kobi.png
42.7 KB View Download
kobi2.png
118 KB View Download

Comment 1 by kobi19...@gmail.com, Oct 17 2017

there is a sensative that can be stolen or hacked
due to use of cleattext
also i got this message:
Request URL:https://notifications.google.com/u/0/widget?sourceid=1&hl=iw&origin=http://www.google.co.il&jsh=m;/_/scs/abc-static/_/js/k%3Dgapi.gapi.en.CMK08v540qY.O/m%3D__features__/am%3DAAg/rt%3Dj/d%3D1/rs%3DAHpOoo-zuYXPOIuiHXsKOXE2DwZ06yC48g&pli=1
Request Method:GET
Status Code:403 
Remote Address:172.217.16.206:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
 (11)
Request Headers

Comment 2 by kenrb@chromium.org, Oct 17 2017

Status: WontFix (was: Unconfirmed)
This tracker is for issues with the Chrome browser, not Google web properties.

It isn't clear from your report why you are able to access a non-SSL Google landing page, but you might submit it to a Google help forum for assistance with that question.
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 24 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by kobi19...@gmail.com, Jan 24 2018

ok
its after you fix the bug i report
now its secure by ssl before it wasnt secured by ssl

thank you!

2018-01-24 16:04 GMT+02:00 sheriff… via monorail <
monorail+v2.4164592774@chromium.org>:

Sign in to add a comment