Issue metadata
Sign in to add a comment
|
Lao could lead to idn spoof
Reported by
zxyrz...@gmail.com,
Apr 15 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Steps to reproduce the problem: http://xn--o7c4g.com/ http://xn--o7ca8kb.com/ What is the expected behavior? What went wrong? ຣ (U+0EA3) => s ໐ (U+0ED0) => o ດ (U+0E94) => n ຮ (U+0EAE) => s ບ (U+0E9A) => u for example, `so.com` and `soso.com` in top domain list could be spoofed by this two characters: ຣ໐ Did this work before? N/A Chrome version: 65.0.3325.181 Channel: stable OS Version: OS X 10.13.4 Flash Version: Shockwave Flash 29.0 r0
,
Apr 16 2018
,
Apr 17 2018
jshin deals with domain name spoofing.
,
Apr 17 2018
U+0e11 (ฑ) and U+0e17 (ท) in Thai can have a similar issue.
,
Apr 18 2018
As you mentioned Thai, I considered about it yet,U+0E01(ก) is more similar to `n` in address bar than U+0e11 (ฑ) and U+0e17 (ท), and U+0E1A (บ) is similar to `u` as well, but there is no more characters looks like common latin characters, maybe U+0E1E (พ) is one
,
May 2 2018
jshin: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 16 2018
jshin: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 22 2018
,
May 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8ac035c31d42cedcc2a772d7765622dc9f406240 commit 8ac035c31d42cedcc2a772d7765622dc9f406240 Author: Jungshik Shin <jshin@chromium.org> Date: Tue May 29 20:16:30 2018 Add Lao/Thai spoofable entries U+0E1E (พ) => w U+0E9E (ພ) => w U+0E9F (ຟ) => w U+0EA3 (ຣ) => s U+0EAE (ຮ) => s U+0E1A (บ) => u U+0E9A (ບ) => u Note that U+0E1F(ฟ) and U+0E23 (ร) were added a while ago. BUG= 833143 TEST=components_unittests --gtest_filter=*IDN* Change-Id: I882e7d272cdca1d80aa23be94b4d7906ff8653c1 Reviewed-on: https://chromium-review.googlesource.com/1058710 Reviewed-by: Peter Kasting <pkasting@chromium.org> Commit-Queue: Jungshik Shin <jshin@chromium.org> Cr-Commit-Position: refs/heads/master@{#562565} [modify] https://crrev.com/8ac035c31d42cedcc2a772d7765622dc9f406240/components/url_formatter/idn_spoof_checker.cc [modify] https://crrev.com/8ac035c31d42cedcc2a772d7765622dc9f406240/components/url_formatter/top_domains/test_domains.list [modify] https://crrev.com/8ac035c31d42cedcc2a772d7765622dc9f406240/components/url_formatter/top_domains/test_skeletons.gperf [modify] https://crrev.com/8ac035c31d42cedcc2a772d7765622dc9f406240/components/url_formatter/url_formatter_unittest.cc
,
May 30 2018
,
Jun 1 2018
Fixed in trunk. Will see if we want to merge to M-67.
,
Jun 1 2018
,
Jun 4 2018
,
Jun 8 2018
,
Jun 8 2018
This bug requires manual review: M68 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 8 2018
Approving merge for 68. BRanch:3440
,
Jun 8 2018
*** Boilerplate reminders! *** Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products. Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward. Please be honest if you have already disclosed anything publicly or to third parties. Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an eligible charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing. *********************************
,
Jun 8 2018
Thanks zxyrzg02@ for the report! The VRP panel decided to award $500 for this report.
,
Jun 9 2018
,
Jun 18 2018
Pls merge you change to M68 branch 3440 ASAP so we can pick it up for this week Beta release. Merge has to happen latest by 1:00 PM PT tomorrow, Tuesday (06/19), so we can pick it up for Wednesday Beta release.
,
Jul 3
Has this been merged yet to M68?
,
Jul 18
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/66b0b8146b61b90c87a4100d76ab9c8e4723d42c commit 66b0b8146b61b90c87a4100d76ab9c8e4723d42c Author: Jungshik Shin <jshin@chromium.org> Date: Wed Jul 18 00:05:52 2018 [M68 branch] Add Lao/Thai spoofable entries U+0E1E (พ) => w U+0E9E (ພ) => w U+0E9F (ຟ) => w U+0EA3 (ຣ) => s U+0EAE (ຮ) => s U+0E1A (บ) => u U+0E9A (ບ) => u Note that U+0E1F(ฟ) and U+0E23 (ร) were added a while ago. BUG= 833143 TEST=components_unittests --gtest_filter=*IDN* TBR=abdulsyed@chromium.org,meacer@chromium.org Change-Id: I882e7d272cdca1d80aa23be94b4d7906ff8653c1 Reviewed-on: https://chromium-review.googlesource.com/1058710 Reviewed-by: Peter Kasting <pkasting@chromium.org> Commit-Queue: Jungshik Shin <jshin@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#562565} Reviewed-on: https://chromium-review.googlesource.com/1141215 Reviewed-by: Jungshik Shin <jshin@chromium.org> Cr-Commit-Position: refs/branch-heads/3440@{#708} Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733} [modify] https://crrev.com/66b0b8146b61b90c87a4100d76ab9c8e4723d42c/components/url_formatter/idn_spoof_checker.cc [modify] https://crrev.com/66b0b8146b61b90c87a4100d76ab9c8e4723d42c/components/url_formatter/top_domains/test_domains.list [modify] https://crrev.com/66b0b8146b61b90c87a4100d76ab9c8e4723d42c/components/url_formatter/top_domains/test_skeletons.gperf [modify] https://crrev.com/66b0b8146b61b90c87a4100d76ab9c8e4723d42c/components/url_formatter/url_formatter_unittest.cc
,
Jul 23
,
Aug 28
,
Sep 7
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 19
,
Jan 4
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by carlosil@chromium.org
, Apr 16 2018Labels: -Pri-2 M-66 Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: creis@chromium.org
Status: Assigned (was: Unconfirmed)