New issue
Advanced search Search tips

Issue 797546 link

Starred by 3 users
Status: Archived
Owner: ----
Closed: Sep 13
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Bug
Team-Security-UX



Sign in to add a comment

Chrome displays secure HTTPS pages as "Not secure" while loading

Reported by 93m4qau...@gmail.com, Dec 24 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36

Steps to reproduce the problem:
1. Navigate to a site secured with valid HTTPS, such as https://www.google.com. (Note: You may have to clear cache so that you have enough time to observe without it loading from cache instantly.)
2. Click "View site information" just left of the URL in the omnibox.
3. While the page is loading, it will report "Your connection to this site is not secure". Once the page is loaded, it will correctly report "Secure connection".

What is the expected behavior?
Any page secured with valid HTTPS should be reported as "Secure connection" even while loading, not just after it has completely loaded.

What went wrong?
Pages that are secured with valid HTTPS are reported as "Your connection to this site is not secure" while loading and are only reported as "Secure connection" once they have completely loaded.

Did this work before? N/A 

Chrome version: 63.0.3239.108  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

I have no reason to believe that there is any security hole associated with this issue, just a UI issue.

Comment 1 by krajshree@chromium.org, Dec 25 2017

Labels: Needs-Triage-M63

Comment 2 by krajshree@chromium.org, Dec 29 2017

Components: UI>Browser>Omnibox
Labels: Triaged-ET M-65 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
Able to reproduce this issue on Mac 10.12.6, Win-10 and Ubuntu 14.04 using chrome reported version #63.0.3239.108 and latest canary #65.0.3306.0.
This is a non-regression issue as it is observed from M50 old builds. 

Hence, marking it as untriaged to get more inputs from dev team.

Thanks...!!

Comment 3 by 93m4qau...@gmail.com, Dec 29 2017 

It also momentarily displays as insecure while loading under Developer Tools > Security, not just the omnibox.

Comment 4 by mpear...@chromium.org, Jan 4 2018

Components: -UI -UI>Browser>Omnibox UI>Browser>Omnibox>SecurityIndicators>VerboseChip

Comment 5 by 93m4qau...@gmail.com, Jan 4 2018 

Can you also add the component label for the DevTools Security tab since that is affected as well?

Comment 6 by est...@chromium.org, Jan 7 2018

Components: -UI>Browser>Omnibox>SecurityIndicators>VerboseChip UI>Browser>Bubbles>PageInfo
Labels: -Pri-2 OS-Chrome Pri-3
Status: Available (was: Untriaged)

Comment 7 by 93m4qau...@gmail.com, Jan 7 2018 

The verbose chip is affected as well.

Comment 8 by robliao@chromium.org, Sep 13

Status: Archived (was: Available)
Archiving old bugs that haven't been actively assigned in over 180 days.

If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!

Sign in to add a comment