Issue metadata
Sign in to add a comment
|
Security: Whole-script confusable domain label spoofing with using (ԥ,ӊ...)
Reported by
chromium...@gmail.com,
Jan 15 2018
|
||||||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 65.0.3322.0 (Official Build) canary (64-bit) Operating System: All This is similar to issue 793628 . In this report I used some character like U+04CF (ԥ) instead of 'п' and 'Ӊ' instead of 'н' E.g: http://xn--80aa2cah8a7f79b.com/ (http://шӊатѕарр.com) http://xn--e1ajo5gd53eyktj.com/ (http://ӏіпкеԁіԥ.com)
,
Jan 17 2018
Per mgiuca@, this is considered a "near-homoglyph same-script confusable" covered by crbug.com/703750 . The resolution is that we can't solve these generally but we blacklist spoofs against top domains.
,
Apr 25 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jan 15 2018Components: UI>Security>UrlFormatting UI>Internationalization
Labels: OS-Android OS-Chrome OS-iOS OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)