
Issue 813583


Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security
Team-Security-UX




Security: URL Spoofing via IDN

Reported by rayyan...@gmail.com, Feb 19 2018

Issue description

Steps to reproduce the problem:

There are some letters which look exactly alike. I don't know if they're allowed or not, but if they're allowed then we've got a serious problem over here. Why? Because nowadays there's a trend of buying/selling cryptocurrencies and people are spending over thousands of dollars on it. Many of the cryptocurrency websites have suspended new registrations; hence, scammers are using these tricks to copy the top websites.

For example: 

-) “ṇ” (U+1E47) --> https://www.xn--biace-4l1bb.com/ ( http://biṇaṇce.com ) 

Note the dot under the n.

Real: https://www.binance.com/

What went wrong?
It doesn't convert it into Punycode.
 
Components: UI>Browser>Omnibox UI>Security>UrlFormatting
Status: WontFix (was: Unconfirmed)
Summary: Security: URL Spoofing via IDN (was: Security: URL Spoofing)
I'm not able to reproduce any spoofing here. In Chrome 65 and Chrome 66, the domain is shown in Punycode encoded form.
Screen Shot 2018-02-19 at 9.25.09 AM.png

Comment 2 by sheriffbot@chromium.org, May 29 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: idn-spoof
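
The check discussed in this thread, as an added example (not part of the original report and not Chrome's IDN display policy): it converts the reported host between its Unicode and Punycode forms and flags it when removing combining marks yields a watched domain. The watch list and all function names are assumptions made for this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed watch list for this example; not taken from any browser's policy.
PROTECTED = {"binance.com"}

def decode_host(host):
    """Return the Unicode form of a hostname, decoding each xn-- label."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        out.append(label)
    return ".".join(out)

def punycode_form(host):
    """Return the ASCII (Punycode) form, the display comment 1 describes."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        out.append(label)
    return ".".join(out)

def ascii_skeleton(host):
    """Strip combining marks after NFD, e.g. U+1E47 -> 'n' + U+0323 -> 'n'.
    Catches diacritic lookalikes only, not cross-script ones."""
    decomposed = unicodedata.normalize("NFD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def lookalike_of(url):
    """Return the protected domain a URL's host imitates, or None."""
    host = decode_host(urlsplit(url).hostname or "")
    skeleton = ascii_skeleton(host)
    if skeleton == host:          # no marks removed: nothing to flag here
        return None
    for domain in PROTECTED:
        if skeleton == domain or skeleton.endswith("." + domain):
            return domain
    return None

if __name__ == "__main__":
    for u in ("https://www.xn--biace-4l1bb.com/", "http://bi\u1e47a\u1e47ce.com",
              "https://www.binance.com/"):
        print(u, "->", lookalike_of(u))
```

Both forms of the reported URL map to `binance.com`, while the real site is not flagged because its host contains no combining marks.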
