Issue 792338

Issue metadata

Status: Duplicate
Merged: issue 718553
Owner: ----
Closed: Dec 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security
Team-Security-UX



Security: Viewing Web Site SSL Certificate is very difficult for a user

Reported by faisal.n...@gmail.com, Dec 6 2017

Issue description

VULNERABILITY DETAILS
I typed the address of my bank login page in Chrome. The address is OK with a green lock icon and ‘Secure’ description. Great! Now should I enter my username and password? Wait! Let's check, is the certificate OK?
I clicked on the lock. Where is the certificate? Clicked here & there, double clicked here & there, right clicked here & there… Not anywhere. I Googled it.
Wow! There is a “step-by-step technique”:
1. Click on 3 dots on right corner
2. Click on More tools
3. Click on Developer Tools (Oh! Code, am I gonna do programming?)
4. Click on two arrows in the right above the code
5. Click on Security
There you are
Oh, this certificate is issued by my company. This means my IT team is peeping at my bank usernames, passwords, my balance, transactions??? What if a hacker had installed a certificate in my PC?

Whereas in IE this information is available with just a single click on the address bar lock icon.

VERSION
Chrome Version: [62.0.3202.94] + (Official Build) (32-bit)

Operating System: [Windows, 7, and service pack 1]

REPRODUCTION CASE
Please see the attached Word document with screenshots. The name of the CA certificate has been changed for confidentiality.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
N/A
 
Chrome.docx (2.6 MB)
Components: UI>Browser>Bubbles>PageInfo
Labels: -Restrict-View-SecurityTeam allpublic
Mergedinto: 718553
Status: Duplicate (was: Unconfirmed)
> what if a hacker had installed a certificate in my PC?

A hacker with permission to install a certificate on your PC could simply skip installing a certificate and could instead log your keystrokes and screen. Or any of myriad other attacks.

In any case, Chrome 63 (rolling out shortly) restores the certificate information to PageInfo. If you want to turn on that feature before then, please see https://textslashplain.com/2017/05/02/inspecting-certificates-in-chrome/
