Issue metadata
Sign in to add a comment
|
Security: ṇ (n with dot below) used for URL Spoofing
Reported by
joseph.s...@gmail.com,
Jan 16 2018
|
||||||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS You should provide a warning on any URL containing the character ṇ Right now, links to such URLs produce no warning, and often have the dot obscured by the underline common under web links - www.citibaṇk.com appears as if it were www.citibank.com, but it is not. I am sure you understand the potential consequences of criminals using such domains for phishing attacks and the like. VERSION Chrome Version: ALL Operating System: ALL REPRODUCTION CASE Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug. Type www.citibaṇk.com into your browser and you will see...
,
Jan 16 2018
,
Jan 16 2018
Yes, but citibank.com is ok as you mentioned in comment 1.
,
Jan 17 2018
In Version 63.0.3239.132 (Official Build) (64-bit) when I type or paste goldmaṇsachs.com into the browser, the browser shows goldmaṇsachs.com loads the page, and still shows goldmaṇsachs.com in the box.
,
Jan 17 2018
Note: I received a phishing email earlier this week using this technique.
,
Aug 25
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 8
|
|||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jan 16 2018Labels: Needs-Feedback
Summary: Security: ṇ (n with dot below) used for URL Spoofing (was: Security: )