Issue 882240 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 881694
Owner:	----
Closed:	Sep 9
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Subdomain URL Spoof in Chrome Version 69.0.3497.81 (Official Build) (64-bit)

Reported by auxy...@gmail.com, Sep 9

Issue description

VULNERABILITY DETAILS
Subdomain URL Spoof bacuase of eliminating www featuer in Chrome 69

VERSION
Chrome Version: [69.0.3497.81] + [stable]
Operating System: [Windows, Mac]

REPRODUCTION CASE

If you type aaa.www.example.com, the browser location bar will show aaa.example.com. This causes a subdomain spoof. (See the attached abc.png as an example)

In websites which you can creat subdomain. You can create www.sub_domain1.domain.com to spoof sub_domain1.domain.com

	abc.png 235 KB View Download

Comment 1 by mpdenton@google.com, Sep 9

Mergedinto: 881694
Status: Duplicate (was: Unconfirmed)

Hi! Thank you for the report. We have been notified of this and are tracking the issue in  issue 881694 . Thanks!

Project Member

Comment 2 by sheriffbot@chromium.org, Dec 17

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 882240 link

Issue metadata

Security: Subdomain URL Spoof in Chrome Version 69.0.3497.81 (Official Build) (64-bit)

Issue description

Comment 1 by mpdenton@google.com, Sep 9

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Dec 17

Comment 2 Deleted

Sign in to add a comment