New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 802070 link

Starred by 1 user
Status: Duplicate
Merged: issue 703750
Owner: ----
Closed: Jan 2018
Cc:
mgiuca@chromium.org
js...@chromium.org
ios-bugs@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac
Pri: ----
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

Security: Whole-script confusable domain label spoofing with using (ԥ,ӊ...)

Reported by chromium...@gmail.com, Jan 15 2018 
VERSION
Chrome Version: 65.0.3322.0 (Official Build) canary (64-bit)
Operating System: All

This is similar to  issue 793628 . In this report I used some character like U+04CF (ԥ) instead of 'п' and 'Ӊ' instead of 'н'

E.g:

http://xn--80aa2cah8a7f79b.com/ (http://шӊатѕарр.com)
http://xn--e1ajo5gd53eyktj.com/ (http://ӏіпкеԁіԥ.com)

Comment 1 by elawrence@chromium.org, Jan 15 2018

Cc: js...@chromium.org mgiuca@chromium.org
Components: UI>Security>UrlFormatting UI>Internationalization
Labels: OS-Android OS-Chrome OS-iOS OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)

Comment 2 by nparker@chromium.org, Jan 17 2018

Mergedinto: 703750
Status: Duplicate (was: Untriaged)
Per mgiuca@, this is considered a "near-homoglyph same-script confusable" covered by  crbug.com/703750 . The resolution is that we can't solve these generally but we blacklist spoofs against top domains.
Project Member

Comment 3 by sheriffbot@chromium.org, Apr 25 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment