New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Sep 14
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug-Security
Team-Security-UX



Sign in to add a comment
link

Issue 882078: Security: IDN URL Spoofing with “ก”

Reported by chromium...@gmail.com, Sep 8

Issue description

VERSION
Chrome Version: 71.0.3545.3 (Official Build) canary (64-bit)
Operating System: Mac

REPRODUCTION CASE


Visit http://xn--11-lqi.com/

- U+0E01 (ก) is more similar to 'n'

Note: n11.com is a top-10K site.
 
Screen Shot 2018-09-08 at 02.35.18.png
31.1 KB View Download

Comment 1 by chromium...@gmail.com, Sep 8

Looks like U+0E01 (ก) was missed in  bug 833143 .

Comment 2 by mpdenton@google.com, Sep 9

Cc: js...@chromium.org mea...@chromium.org
Components: UI>Browser>Omnibox UI>Security>UrlFormatting
Labels: Security_Severity-Medium Security_Impact-Stable OS-Android OS-Chrome OS-Fuchsia OS-iOS OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)

Comment 3 by sheriffbot@chromium.org, Sep 10

Project Member
Labels: M-69 Target-69

Comment 4 by sheriffbot@chromium.org, Sep 10

Project Member
Labels: Pri-1

Comment 5 by cthomp@chromium.org, Sep 12

Owner: cthomp@chromium.org
Status: Started (was: Untriaged)
I have a quick CL up to add this to the confusables list while meacer is OOO:

https://chromium-review.googlesource.com/c/chromium/src/+/1220773

Comment 7 by cthomp@chromium.org, Sep 14

Status: Fixed (was: Started)

Comment 8 by sheriffbot@chromium.org, Sep 14

Project Member
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 9 by awhalley@chromium.org, Sep 17

Labels: reward-topanel

Comment 10 by sheriffbot@chromium.org, Sep 18

Project Member
Labels: Merge-Request-70

Comment 11 by sheriffbot@chromium.org, Sep 18

Project Member
Labels: -Merge-Request-70 Merge-Review-70 Hotlist-Merge-Review
This bug requires manual review: Less than 24 days to go before AppStore submit on M70
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 12 by abdulsyed@chromium.org, Sep 18

Labels: -Merge-Review-70 Merge-Approved-70

Comment 13 by bugdroid1@chromium.org, Sep 19

Project Member
Labels: -merge-approved-70 merge-merged-3538
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/db0a0dfdc697039796e2b955dbaa01ffce2fb16b

commit db0a0dfdc697039796e2b955dbaa01ffce2fb16b
Author: Christopher Thompson <cthomp@chromium.org>
Date: Tue Sep 18 23:59:03 2018

[M70] Add additional Lao character to IDN confusables

  U+0E01 (ก) => n

Prior Lao/Thai entries were added in crrev.com/c/1058710.

Test: components_unittests --gtest_filter=*IDN*
Bug:  882078 
Change-Id: I1e90b144a1d791341b515d026a6bc4be7cbed57d
Reviewed-on: https://chromium-review.googlesource.com/1220773
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#591227}(cherry picked from commit 3983030c2ee3e54afa60fe24f23e4c98067a3634)
Reviewed-on: https://chromium-review.googlesource.com/1232679
Reviewed-by: Christopher Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/branch-heads/3538@{#514}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
[modify] https://crrev.com/db0a0dfdc697039796e2b955dbaa01ffce2fb16b/components/url_formatter/idn_spoof_checker.cc
[modify] https://crrev.com/db0a0dfdc697039796e2b955dbaa01ffce2fb16b/components/url_formatter/top_domains/alexa_domains.skeletons
[modify] https://crrev.com/db0a0dfdc697039796e2b955dbaa01ffce2fb16b/components/url_formatter/top_domains/test_domains.list
[modify] https://crrev.com/db0a0dfdc697039796e2b955dbaa01ffce2fb16b/components/url_formatter/top_domains/test_domains.skeletons
[modify] https://crrev.com/db0a0dfdc697039796e2b955dbaa01ffce2fb16b/components/url_formatter/url_formatter_unittest.cc

Comment 14 by awhalley@chromium.org, Oct 4

Labels: -reward-topanel reward-unpaid reward-500
*** Boilerplate reminders! ***
Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products. Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward. Please be honest if you have already disclosed anything publicly or to third parties. Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an eligible charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
*********************************

Comment 15 by awhalley@google.com, Oct 4

$500 for this one!

Comment 16 by awhalley@chromium.org, Oct 4

Labels: -reward-unpaid reward-inprocess

Comment 17 by awhalley@google.com, Oct 15

Labels: Release-0-M70

Comment 18 by awhalley@chromium.org, Oct 16

Labels: CVE-2018-17473 CVE_description-missing

Comment 19 by mea...@chromium.org, Oct 19

Labels: idn-spoof

Comment 20 by mea...@chromium.org, Oct 19

Labels: idn-spoof

Comment 21 by awhalley@chromium.org, Nov 12

Labels: -CVE_description-missing CVE_description-submitted

Comment 22 by sheriffbot@chromium.org, Dec 21

Project Member
Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment