Security: IDN URL Spoofing with using ŋ (U+014B)
Reported by chromium...@gmail.com, Feb 2 2018
Issue description

VERSION
Chrome Version: 66.0.3336.0 (Official Build) canary (64-bit)
Operating System: All

REPRODUCTION CASE
- Load http://xn--istagram-irb.com

Similar to bug 798892. This ŋ (U+014B) is regarded as similar to Latin small letter N, so it should be blocked, but I could be wrong.
Feb 2 2018
Assigning to jshin per go/url-spoofs.
Feb 3 2018
> This ŋ (U+014B) is regarded as similar to Latin small letter N,

Well, the current Unicode data does not. It has to be added to Chrome's Supplementary list to be regarded as similar.
Feb 14 2018
Feb 14 2018
Feb 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/37747f4a4972e6d44d3f956f8d3a63255ef0941a

commit 37747f4a4972e6d44d3f956f8d3a63255ef0941a
Author: Jungshik Shin <jshin@chromium.org>
Date: Thu Feb 15 06:56:39 2018

Add more entries to the confusability mapping

U+014B (ŋ) => n
U+1004 (င) => c
U+100c (ဌ) => g
U+1042 (၂) => j
U+1054 (ၔ) => e

Bug: 811117, 808316
Test: components_unittests -gtest_filter=*IDN*
Change-Id: I29f73c48d665bd9070050bd7f0080563635b9c63
Reviewed-on: https://chromium-review.googlesource.com/919423
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536955}

[modify] https://crrev.com/37747f4a4972e6d44d3f956f8d3a63255ef0941a/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/37747f4a4972e6d44d3f956f8d3a63255ef0941a/components/url_formatter/top_domains/test_domains.list
[modify] https://crrev.com/37747f4a4972e6d44d3f956f8d3a63255ef0941a/components/url_formatter/top_domains/test_skeletons.gperf
[modify] https://crrev.com/37747f4a4972e6d44d3f956f8d3a63255ef0941a/components/url_formatter/url_formatter_unittest.cc
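As an added illustration of the mechanism the two comments above turn on (Unicode's own confusable data does not fold ŋ to n, so Chrome carries a supplementary mapping and compares the folded "skeleton" of a hostname against a list of top domains), here is a small Python model of such a check. This is not Chromium's code: Chrome's real checker (components/url_formatter/idn_spoof_checker.cc, modified by the commit above) is built on ICU's spoof checker and a much larger mapping, while the table here holds only the five entries from the commit message, and the top-domain set is a constructed stand-in. The `mapping` parameter lets the same function show the pre-fix behaviour (empty mapping) beside the post-fix one.

```python
import unicodedata

# Supplementary confusable mapping. The five entries are the ones the commit
# above adds; Chrome's real table (and ICU's confusables.txt) is much larger
# and is not reproduced here.
SUPPLEMENTARY_CONFUSABLES = {
    "\u014B": "n",  # ŋ
    "\u1004": "c",  # င
    "\u100C": "g",  # ဌ
    "\u1042": "j",  # ၂
    "\u1054": "e",  # ၔ
}

# Constructed stand-in for the top-domain skeleton list.
TOP_DOMAINS = {"instagram.com", "google.com", "paypal.com"}


def decode_hostname(host: str) -> str:
    """Turn an ACE (xn--) hostname into its Unicode form, label by label.

    Each 'xn--' label is Punycode; other labels are passed through unchanged.
    """
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(text: str, mapping=SUPPLEMENTARY_CONFUSABLES) -> str:
    """Reduce a hostname to a comparison key.

    NFD decomposition followed by dropping combining marks removes diacritics
    (so 'í' collapses to 'i'); the mapping then folds confusables that Unicode
    normalisation alone leaves untouched, such as ŋ -> n.
    """
    out = []
    for ch in unicodedata.normalize("NFD", text):
        if unicodedata.combining(ch):
            continue
        out.append(mapping.get(ch, ch))
    return unicodedata.normalize("NFC", "".join(out))


def lookalike_target(host: str, mapping=SUPPLEMENTARY_CONFUSABLES,
                     top_domains=TOP_DOMAINS):
    """Return the top domain this IDN hostname imitates, or None."""
    unicode_host = decode_hostname(host)
    if unicode_host.isascii():
        return None  # plain ASCII: nothing to fold, nothing to spoof
    skel = skeleton(unicode_host, mapping)
    if skel != unicode_host and skel in top_domains:
        return skel
    return None


def display_form(host: str, mapping=SUPPLEMENTARY_CONFUSABLES) -> str:
    """What the address bar should show: Unicode when safe, ACE form when not."""
    if lookalike_target(host, mapping) is not None:
        return host.lower().encode("idna").decode("ascii")
    return decode_hostname(host)


if __name__ == "__main__":
    for h in ("xn--istagram-irb.com", "\u00ednstagram.com", "instagram.com"):
        print(f"{h:24} before fix: {display_form(h, mapping={}):22} "
              f"after fix: {display_form(h)}")
```

With an empty mapping the hostname from the report decodes to iŋstagram.com and is displayed as Unicode, which is the behaviour reported; with the ŋ entry present its skeleton equals instagram.com and the ACE form is shown instead, matching the verification comments below. The diacritic case (ínstagram.com) is caught by normalisation alone, which is why it never needed a mapping entry.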
Feb 15 2018
Verified on 66.0.3349.0. Thanks as ever!
Feb 19 2018
Verified in 66.0.3350 as well. Thank you for verifying. http://xn--istagram-irb.com/ is shown in punycode instead of iŋstagram.com. Requesting merge to the M-65 branch. The CL recorded in comment 6 is simple (adding a few extra mapping entries) and safe.
Feb 19 2018
This bug requires manual review: Less than 11 days to go before AppStore submit on M65.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 19 2018
Feb 19 2018
+ awhalley@ (Security TPM) for M65 merge review
Feb 19 2018
Feb 20 2018
Feb 26 2018
I'm afraid the VRP panel declined to award for this one. Thanks for the report, as ever :-)
Apr 17 2018
Apr 25 2018
Apr 25 2018
May 28 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 19
Dec 4
Comment 1 by elawrence@chromium.org, Feb 2 2018
Components: UI>Security>UrlFormatting UI>Internationalization
Labels: OS-Android OS-Chrome OS-Fuchsia OS-iOS OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)