Chrome displays a "Deceptive site ahead" warning about another site
Reported by co...@colin.net.pl, Oct 21
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36

Example URL: https://centrump2p.com/magnet/strony

Steps to reproduce the problem:
1. Open https://centrump2p.com/magnet/strony.
2. Chrome displays a "Deceptive site ahead" warning about another site linked from the page, pornorip(dot)biz.

What is the expected behavior?
According to https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fcentrump2p.com%2Fmagnet%2Fstrony&hl=en, there is no unsafe content on that page, so there should be no malware warning in Chrome.

What went wrong?
Chrome displayed a malware warning about a completely different site.

Does it occur on multiple sites: N/A
Is it a problem with a plugin? No
Did this work before? No
Does this work in other browsers? Yes

Chrome version: 70.0.3538.67 Channel: stable
OS Version: 10.0
Flash Version:
,
Oct 22
Able to reproduce the issue on Windows 10, mac 10.13.3 and Ubuntu 17.10 using chrome reported version #70.0.3538.67 and latest canary #72.0.3587.0.

Bisect Information:
=====================
Good build: 70.0.3538.11
Bad Build : 70.0.3538.12

Change Log URL: (From omahaproxy)
https://chromium.googlesource.com/chromium/src/+log/70.0.3538.11..70.0.3538.12?pretty=fuller&n=10000

From the above change log suspecting below change
Change-Id: Id87fa0c6a858bae6a3f8fff4d6af3f974b00d5e4
Reviewed-on: https://chromium-review.googlesource.com/1212846

mkwst@ - Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Note: Adding stable blocker for M-70 as it seems to be a recent regression. Please feel free to remove the same if not appropriate.

ccing the reviewer of the issue as the author is OOO until 4th.

Thanks...!!
,
Oct 24
Adding nparker@ from Safe Browsing, since this is unexpected SB interstitial.
,
Oct 24
Just quickly poking at the site, it does make a favicon.ico request to the site that is considered dangerous for Safe Browsing.
t=224419 [st= 100] +URL_REQUEST_START_JOB [dt=1553]
--> load_flags = 49152 (DO_NOT_USE_EMBEDDED_IDENTITY | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "http://www.pornorip.biz/favicon.ico"
....
t=225972 [st=1653] +URL_REQUEST_DELEGATE_RESPONSE_STARTED [dt=3052+]
t=225972 [st=1653] +DELEGATE_INFO [dt=3052+]
--> delegate_blocked_by = "SafeBrowsingParallelResourceThrottle"
Maybe there is a change that we show interstitials for subresource requests at this time?
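
One way for a site owner to find which request triggered the interstitial, as an added example that is not part of the original thread: it scans a NetLog text excerpt in the layout quoted above for requests held by a Safe Browsing throttle and flags those whose host differs from the page's. The function name and the first sample request are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Sample NetLog text. The second request is the excerpt quoted in the comment
# above; the first request is constructed here for contrast.
SAMPLE_NETLOG = '''\
t=224300 [st=   0] +URL_REQUEST_START_JOB  [dt=90]
                    --> method = "GET"
                    --> url = "https://centrump2p.com/magnet/strony"
t=224419 [st= 100] +URL_REQUEST_START_JOB  [dt=1553]
                    --> load_flags = 49152 (DO_NOT_USE_EMBEDDED_IDENTITY | MAYBE_USER_GESTURE)
                    --> method = "GET"
                    --> url = "http://www.pornorip.biz/favicon.ico"
t=225972 [st=1653] +URL_REQUEST_DELEGATE_RESPONSE_STARTED  [dt=3052+]
t=225972 [st=1653]   +DELEGATE_INFO  [dt=3052+]
                      --> delegate_blocked_by = "SafeBrowsingParallelResourceThrottle"
'''

URL_RE = re.compile(r'-->\s*url\s*=\s*"([^"]+)"')
BLOCK_RE = re.compile(r'-->\s*delegate_blocked_by\s*=\s*"([^"]*SafeBrowsing[^"]*)"')

def safe_browsing_blocks(netlog_text, page_url):
    """Return one dict per request that a Safe Browsing throttle held back."""
    page_host = urlsplit(page_url).hostname
    current_url = None
    findings = []
    for line in netlog_text.splitlines():
        if "URL_REQUEST_START_JOB" in line:
            current_url = None              # new job: its url parameter follows
            continue
        m = URL_RE.search(line)
        if m and current_url is None:
            current_url = m.group(1)
            continue
        m = BLOCK_RE.search(line)
        if m and current_url:
            host = urlsplit(current_url).hostname
            findings.append({"url": current_url, "throttle": m.group(1),
                             "third_party": host != page_host})
            current_url = None              # report each request only once
    return findings

if __name__ == "__main__":
    for f in safe_browsing_blocks(SAMPLE_NETLOG, "https://centrump2p.com/magnet/strony"):
        print(f)
```

A finding with `third_party` set to True is a subresource on another host, which is the case discussed in this thread: the page itself is clean but a resource it requests is not.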
,
Oct 24
This seems to be working as intended since it's showing the URL of the actual blocked resource, but after an offline discussion with nasko@ and nparker@ we agreed it'd be clearer to have the URL in the interstitial match the omnibox and show the actual subresource URL (for debugging purposes by the site owner) in the Details section. I'll close this bug and file a new one for the change.
,
Oct 24
Filed crbug.com/898558
Comment 1 by phanindra.mandapaka@chromium.org, Oct 21