Issue metadata
Sign in to add a comment
|
Unicode TLDs cause confusion and are a phishers paradise
Reported by
syoso...@gmail.com,
Mar 8 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 Steps to reproduce the problem: 1. Read https://support.binance.com/hc/en-us/articles/360001547431 What is the expected behavior? N/A What went wrong? Phishers successfully confused visitors and attempted a massive crypto-currency heist. Did this work before? N/A Chrome version: 64.0.3282.186 Channel: n/a OS Version: 10.0 Flash Version: Decent read about the problem and casually suggested solutions: https://www.schneier.com/blog/archives/2017/04/faking_domain_n.html. Chrome should take the lead on this one.
,
Mar 12 2018
As this issue is out of TE scope of triaging adding TE-NeedsTriageHelp label for further investigation from dev team. Tentatively adding UI>Security>UrlFormatting and UI>Browser>Omnibox components. Please remove if they are not appropriate. Thanks!
,
Mar 12 2018
Marking WontFix not because we don't think this is a problem but because we've already been dealing with this for some time. Chrome has a spoof checker that maps similar-looking characters to each other and prevents Unicode display of domains that look like popular domains. Bugs on specific cases we don't catch are in-scope. Long-term we believe this problem is better solved at the registrar level than the browser level. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by susan.boorgula@chromium.org
, Mar 9 2018