HSTS preload g.co |
||
Issue descriptionThe g.co redirector is available in a non-secure manner, an obvious entry point for network bad guys to conduct MITM attacks, especially when considering that g.co links often appear in print or other contexts where the HTTPS:// prefix is likely to be omitted[1]. Chrome should preload this domain to protect users. [1] https://twitter.com/ericlaw/status/1021837451952840704
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3e0196569e799fc9250b997fadbf25ac05d65d95 commit 3e0196569e799fc9250b997fadbf25ac05d65d95 Author: Nick Harper <nharper@chromium.org> Date: Tue Nov 27 01:58:35 2018 Preload HSTS for g.co This domain was submitted via hstspreload.org, but since it's in the Google section of the preload list, I'm processing it manually. Bug: b/67939706, crbug.com/867024 Change-Id: I9007c6bf02b5e2871a4e398dc1388b5cf37932bb Reviewed-on: https://chromium-review.googlesource.com/c/1345213 Reviewed-by: Bence Béky <bnc@chromium.org> Cr-Commit-Position: refs/heads/master@{#610993} [modify] https://crrev.com/3e0196569e799fc9250b997fadbf25ac05d65d95/net/http/transport_security_state_static.json
,
Nov 27
|
||
►
Sign in to add a comment |
||
Comment 1 by nhar...@chromium.org
, Nov 20Status: Started (was: Untriaged)