Issue 893919

Issue metadata

Status: WontFix
Owner:
Closed: Oct 10
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Chrome can redirect to another site from a not secure page.

Reported by atsu...@moogv.com, Oct 10

Issue description

VULNERABILITY DETAILS

Usually, if a not secure page requests a redirect to another site,
Edge, Firefox and Safari display a "not secure" warning page.
But Chrome allows the redirect to the other site and does not display a warning page.

VERSION
Chrome Version: 69.0.3497.100
Operating System: Windows, Android, iPhone and Mac

REPRODUCTION CASE

1. I added the rewrite rule below to apache.conf
---
RewriteEngine on
RewriteCond %{SERVER_NAME} =hoge.jp
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
---

2. The right URL is https://hoge.jp/, but the user mistakenly typed 'https://www.hoge.jp'.

3. This application server doesn't have a certificate for www.hoge.jp, but the Chrome browser allowed the redirect to https://hoge.jp/.

 
Cc: carlosil@chromium.org
Hi, thanks for your bug.

I think what you're reporting here is that Chrome does not validate the certificate of a domain before it follows a 301 redirect from that domain? That does seem odd and I am surprised that is happening.

The sites you link in your report are not currently up - https://www.ssllabs.com/ssltest/analyze.html?d=www.hoge.jp&hideResults=on - perhaps you could provide a reproduction case in e.g. python so we could attempt a reproduction locally.
Cc: -carlosil@chromium.org
Components: Internals>Network>SSL
Owner: carlosil@chromium.org
Status: Assigned (was: Unconfirmed)
Tried with a local server on current Stable and Canary using a self signed cert and redirecting to https://www.example.com, and I can't reproduce. The interstitial shows up before redirecting, however after clicking through the interstitial the redirect works (and keeps working for as long as the exception lasts), which seems WAI. Also tested with committed interstitials on, and the behavior is the same.

Will assign to myself to keep an eye on this one in case the reporter adds more information, or a case I can reproduce.
Thank you for your reply.

I checked again, and I realized my misunderstanding.
Chrome doesn't have this bug. Edge seems to have this bug.

You can remove this issue.

Sorry for my mistake.

Status: WontFix (was: Assigned)
Thanks for the clarification! (and no worries)
Sorry again,

Just as I thought, the behavior of Chrome is not good.
Edge is not the problem.

Could you open this issue again?

I think you can reproduce using this site.

URL: https://www.o-katazuke.jp

Right URL is https://o-katazuke.jp

Thank you very much.

Thanks again for the report. In the specific case of www. mismatches, Chrome automatically redirects to the site specified in the certificate (crbug.com/507454), so in this case you are not seeing the server redirect, but Chrome redirecting you when the cert error happens.

Thanks for your reply.

I understood this feature.

I have a question.

azurewebsites.net has a wildcard domain certificate.
In this case, the owner is different for the site and the certificate.

Malicious hackers can spoof other sites, because all sites on azurewebsites.net are the same domain.

Chrome users are redirected to another site unintentionally.

Am I over-thinking?

Cc: mea...@chromium.org
This explicitly catches the case where somesite.com has a cert for www.somesite.com, or vice versa www.somesite.com has a cert for somesite.com.
The redirection is handled by Chrome, not controllable by the site, and the cert has to be valid otherwise. So I don't think the attack is plausible, unless I'm misunderstanding. I'll cc meacer who worked on this feature so they can correct me if I'm wrong.
> azurewebsites.net has a wildcard domain certificate.
> In this case, the owner is different for the site and the certificate.

Having a wildcard cert for a domain implies that the owner controls all the subdomains. In this case, somesite.net doesn't need to redirect to www.somesite.net, they can just serve whatever content they want (including spoofs) on somesite.net instead. What is the attack scenario here?

Thank you for your reply.

Regarding the wildcard cert for a domain,
actually, I think that the owner may not control all the subdomains.
In the case of a cloud service like azurewebsites.net, the owner is not the site owner.

But I cannot explain the attack scenario now.
Could you give me more time to investigate?

Thanks

Project Member

Comment 11 by sheriffbot@chromium.org, Jan 17 (5 days ago)

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
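
Added example, not part of the original thread and not Chromium code: a simplified Python model of the www-mismatch handling described in the comments above (crbug.com/507454), showing which typed hostnames would lead to an automatic redirect and to where. The function names, the single-label wildcard matching, the tenant-a hostnames and the certificate name lists are constructed for illustration.

```python
# Simplified model of the "www mismatch" redirect described in the thread.
# Assumption: only the rules stated in the comments are modelled.

def name_matches(host, pattern):
    """Match a host against one certificate DNS name.
    A leading '*.' covers exactly one leftmost label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def cert_covers(host, cert_names):
    return any(name_matches(host, p) for p in cert_names)


def www_variant(host):
    """The only alternative considered: strip or add a leading 'www.'."""
    return host[4:] if host.lower().startswith("www.") else "www." + host


def suggested_redirect(host, cert_names, valid_otherwise=True):
    """Return the host the browser would move to, or None.
    None means either no certificate error or a normal interstitial."""
    if cert_covers(host, cert_names):
        return None                      # names match: nothing to fix
    if not valid_otherwise:
        return None                      # expired, self-signed, ...: interstitial
    alt = www_variant(host)
    return alt if cert_covers(alt, cert_names) else None


if __name__ == "__main__":
    wildcard = ["*.azurewebsites.net"]   # constructed certificate name list
    cases = [
        ("www.hoge.jp", ["hoge.jp"]),
        ("hoge.jp", ["www.hoge.jp"]),
        ("www.tenant-a.azurewebsites.net", wildcard),
        ("tenant-a.example.net", wildcard),
    ]
    for host, names in cases:
        print(host, names, "->", suggested_redirect(host, names))
```

In this model the redirect target is always the typed name with "www." added or removed, so a shared wildcard certificate never moves the user to a different tenant's hostname.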
