U+0D20 is in the list of confusables for Latin 'o', but U+0D1F (ട ) is not for Latin 's'. 

'so.com' and 'soso.com' are in our top 10k list. 

So, for this particular case, a fix would be to add U+0D1F to the list of confusables for Latin 's'. 

so.com is already in the top 10k list. So, it's not blocked by 722022. 
This issue is being fixed by a CL under review. 

A CL is up for review at https://chromium-review.googlesource.com/c/chromium/src/+/805214

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b3f0207c14fccc11aaa9d4975ebe46554ad289cb

commit b3f0207c14fccc11aaa9d4975ebe46554ad289cb
Author: Jungshik Shin <jshin@chromium.org>
Date: Tue Dec 05 09:35:25 2017

Add a few more confusable map entries

1. Map Malaylam U+0D1F to 's'.
2. Map 'small-cap-like' Cyrillic letters to "look-alike" Latin lowercase
letters.

The characters in new confusable map entries are replaced by their Latin
"look-alike" characters before the skeleton is calculated to compare with
top domain names.

Bug:  784761 , 773930 
Test: components_unittests --gtest_filter=*IDNToUni*
Change-Id: Ib26664e21ac5eb290e4a2993b01cbf0edaade0ee
Reviewed-on: https://chromium-review.googlesource.com/805214
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521648}
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/idn_spoof_checker.h
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/top_domains/alexa_domains.list
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/top_domains/alexa_skeletons.gperf
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/top_domains/make_alexa_top_list.py
[modify] https://crrev.com/b3f0207c14fccc11aaa9d4975ebe46554ad289cb/components/url_formatter/url_formatter_unittest.cc

will bake in canary/dev channel for a while before asking for merge to 63 branch.

I had independent submitted this bug in  issue 759995 . This bug is a perfect clone of so.com, is this SecSeverity-Low?

Asking for merge to 64 branch. 

The CL recorded in comment 8 is simple and safe. It has been baked in 65.x for a month.  

This bug requires manual review: Less than 16 days to go before AppStore submit on M64
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

> The CL recorded in comment 8 is simple and safe. It has been baked in 65.x for a month.  


In addition to this bug, the cl also fixed  bug 773930  (also slated for M64). 

Approving merge to M64. Branch:3282

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/908ed3e510e06341b8e9143c5e5cea94dad30e30

commit 908ed3e510e06341b8e9143c5e5cea94dad30e30
Author: Jungshik Shin <jshin@chromium.org>
Date: Fri Jan 05 19:46:54 2018

[M64 branch] Add a few more confusable map entries

1. Map Malaylam U+0D1F to 's'.
2. Map 'small-cap-like' Cyrillic letters to "look-alike" Latin lowercase
letters.

The characters in new confusable map entries are replaced by their Latin
"look-alike" characters before the skeleton is calculated to compare with
top domain names.

TBR=jshin@chromium.org

(cherry picked from commit b3f0207c14fccc11aaa9d4975ebe46554ad289cb)

Bug:  784761 , 773930 
Test: components_unittests --gtest_filter=*IDNToUni*
Change-Id: Ib26664e21ac5eb290e4a2993b01cbf0edaade0ee
Reviewed-on: https://chromium-review.googlesource.com/805214
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#521648}
Reviewed-on: https://chromium-review.googlesource.com/852973
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#421}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/idn_spoof_checker.h
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/top_domains/alexa_domains.list
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/top_domains/alexa_skeletons.gperf
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/top_domains/make_alexa_top_list.py
[modify] https://crrev.com/908ed3e510e06341b8e9143c5e5cea94dad30e30/components/url_formatter/url_formatter_unittest.cc

This bug may assigned a CVE ID ？

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I noticed the issue I reported have been fixed for long time. Has it been assigned CVE number for me? Would anybody give me an explanation?