New issue
Advanced search Search tips
Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug-Security
Team-Security-UX



Sign in to add a comment

'Security: IDN URL Spoofing with "Cyrillic Letter Ukrainian Ie"

Reported by chromium...@gmail.com, Jan 18 2018

Issue description

VERSION
Chrome Version: 65.0.3324.0
Operating System: All

REPRODUCTION CASE

This 'є' cyrillic Letter Ukrainian Ie should be mapped to "e".

http://xn--80ats4a3djbc25m.org/
 
Screen Shot 2018-01-18 at 19.59.35.png
33.0 KB View Download
Components: UI>Browser>Omnibox UI>Security>UrlFormatting
Labels: Security_Severity-Medium Security_Impact-Stable OS-Chrome OS-Linux OS-Mac OS-Windows
Owner: js...@chromium.org
Status: Assigned (was: Unconfirmed)
jshin -- Can you take a look? I thought this would be fixed by  crbug.com/703750  but it's not.
Project Member

Comment 2 by sheriffbot@chromium.org, Jan 19 2018

Labels: M-64
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 19 2018

Labels: Pri-1

Comment 4 by js...@chromium.org, Jan 23 2018

That's because U+0454 is not regarded as 'similar to' Latin small letter E. 

To fix  bug 793628 , I added a bunch of supplementary confusable map entries, but U+0454(є) went unnoticed. 

I'll map it to U+0454. 

Comment 5 by js...@chromium.org, Jan 23 2018

Labels: -M-64 M-65
Given that a fix for  bug 793628  was rejected for merge to M64, a fix for this one will not be accepted in M64 branch either. 

Comment 6 by js...@chromium.org, Jan 24 2018

Status: Started (was: Assigned)
Will be fixed soon. My CL is in the CQ. 

Project Member

Comment 7 by bugdroid1@chromium.org, Jan 24 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2dff123516e9a637924990c9605f88b10244dc0d

commit 2dff123516e9a637924990c9605f88b10244dc0d
Author: Jungshik Shin <jshin@chromium.org>
Date: Wed Jan 24 23:16:41 2018

Map U+0454 (є) to 'e' (small E)

Bug:  803571 
Test: components_unittests --gtest_filter=*IDN*
Change-Id: I8cc473d0e74208076a2aa17c1869d14bbfaa20ed
Reviewed-on: https://chromium-review.googlesource.com/882006
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#531739}
[modify] https://crrev.com/2dff123516e9a637924990c9605f88b10244dc0d/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/2dff123516e9a637924990c9605f88b10244dc0d/components/url_formatter/url_formatter_unittest.cc

Comment 8 by js...@chromium.org, Jan 25 2018

Status: Fixed (was: Started)

Comment 9 by awhalley@google.com, Jan 29 2018

Labels: reward-topanel
Labels: -reward-topanel reward-0
I'm afraid the VRP panel declined to reward for this one.  Thanks for the report though!
Happy for that :-). Thanks ever such a lot!
Project Member

Comment 12 by sheriffbot@chromium.org, Feb 8 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member

Comment 13 by sheriffbot@chromium.org, Feb 8 2018

Labels: Merge-Request-65
Project Member

Comment 14 by sheriffbot@chromium.org, Feb 9 2018

Labels: -Merge-Request-65 Merge-Review-65 Hotlist-Merge-Review
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: awhalley@chromium.org
[Bulk Edit]

+awhalley@ (Security TPM) for M65 merge review
Labels: -M-65 -Merge-Review-65 M-66 Merge-Rejected-65
We can wait until 66 for this.
Labels: Release-0-M66
Labels: CVE-2018-6105
Labels: CVE_description-missing
Project Member

Comment 20 by sheriffbot@chromium.org, May 3

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment