Updates:
Summary: Malware redirects caused by HTTP/30X should be blocked
Status: Assigned
Owner: [email protected]
Comment #14 on issue 5131 by [email protected]: Malware redirects caused by
HTTP/30X should be blocked
http://code.google.com/p/chromium/issues/detail?id=5131
Note - this is about HTTP/301 and HTTP/302 redirects. When we make the
request for
the page, we fire off a request for the page and a safebrowsing request
simultaneously. If the response is a HTTP/200 it will block waiting for the
safebrowsing request to come back. If it's HTTP/301 or HTTP/302 it will
happily
redirect without waiting for the safebrowsing request to come back. This is
broken.
The request should be blocked regardless of the response code (e.g. a 403
or 404 or
503 can be just as malicious as a 200 response). My understanding is that
the
redirect logic happens elsewhere which is why 301s and 302s slip by, this
needs to be
changed to block on the safebrowsing request coming back.
Reassigning to Paul per discussions with Darin
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
