Issue metadata
Sign in to add a comment
|
'Security: IDN URL Spoofing with "Cyrillic Letter Ukrainian Ie"
Reported by
chromium...@gmail.com,
Jan 18 2018
|
||||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 65.0.3324.0 Operating System: All REPRODUCTION CASE This 'є' cyrillic Letter Ukrainian Ie should be mapped to "e". http://xn--80ats4a3djbc25m.org/
,
Jan 19 2018
,
Jan 19 2018
,
Jan 23 2018
That's because U+0454 is not regarded as 'similar to' Latin small letter E. To fix bug 793628 , I added a bunch of supplementary confusable map entries, but U+0454(є) went unnoticed. I'll map it to U+0454.
,
Jan 23 2018
Given that a fix for bug 793628 was rejected for merge to M64, a fix for this one will not be accepted in M64 branch either.
,
Jan 24 2018
Will be fixed soon. My CL is in the CQ.
,
Jan 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2dff123516e9a637924990c9605f88b10244dc0d commit 2dff123516e9a637924990c9605f88b10244dc0d Author: Jungshik Shin <jshin@chromium.org> Date: Wed Jan 24 23:16:41 2018 Map U+0454 (є) to 'e' (small E) Bug: 803571 Test: components_unittests --gtest_filter=*IDN* Change-Id: I8cc473d0e74208076a2aa17c1869d14bbfaa20ed Reviewed-on: https://chromium-review.googlesource.com/882006 Commit-Queue: Jungshik Shin <jshin@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Cr-Commit-Position: refs/heads/master@{#531739} [modify] https://crrev.com/2dff123516e9a637924990c9605f88b10244dc0d/components/url_formatter/idn_spoof_checker.cc [modify] https://crrev.com/2dff123516e9a637924990c9605f88b10244dc0d/components/url_formatter/url_formatter_unittest.cc
,
Jan 25 2018
,
Jan 29 2018
,
Feb 5 2018
I'm afraid the VRP panel declined to reward for this one. Thanks for the report though!
,
Feb 5 2018
Happy for that :-). Thanks ever such a lot!
,
Feb 8 2018
,
Feb 8 2018
,
Feb 9 2018
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 9 2018
[Bulk Edit] +awhalley@ (Security TPM) for M65 merge review
,
Feb 9 2018
We can wait until 66 for this.
,
Apr 17 2018
,
Apr 25 2018
,
Apr 25 2018
,
May 3 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 19
,
Dec 4
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by nparker@chromium.org
, Jan 18 2018Labels: Security_Severity-Medium Security_Impact-Stable OS-Chrome OS-Linux OS-Mac OS-Windows
Owner: js...@chromium.org
Status: Assigned (was: Unconfirmed)