Your message dated Sat, 26 Jan 2019 15:21:07 -0500
with message-id
<CANTw=MPtcMzES8LYzd7BopwGGMXhTZN6K2mnefk5jw3WVdz=m...@mail.gmail.com>
and subject line Re: Bug#914886: chromium: SafeBrowsing is not working at all
(sample included)
has caused the Debian Bug report #914886,
regarding chromium: SafeBrowsing is not working at all (sample included)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
914886: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 70.0.3538.110-1
Severity: important
I am not completely sure how to handle this issue: it is obviously not present
in Google Chrome, only in Chromium so upstream isssue tracker doesn't seem to be
the best fit. Also I'm not sure how the SafeBrowsing component is maintained in
_Chromium_. If you believe this should be somehow reported upstream please do it
or request me to (with some details as of how and what).
Anyway, Chromium SafeBrowsing seems not to work at all, despite that both
"SafeBrowsing" and "Help improve SB" is on.
Just go to this URL and see no warnings: https://www[.]xn--bbox-vw5a[.]com/login
(It is a phishing site for bibox.com with TLS domain padlock.)
The URL is detected by both FireFox and Google SafeBrowsing website.
I would say this is a pretty serious problem, considering the aforementioned
example of the phishing site WITH the padlock, where Average Joe have no real
chance to see the URL forgery.
-- System Information:
Debian Release: buster/sid
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8),
LANGUAGE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages chromium depends on:
ii chromium-common 70.0.3538.110-1
ii libasound2 1.1.6-1
ii libatk-bridge2.0-0 2.26.1-1
ii libatk1.0-0 2.28.1-1
ii libatomic1 8.2.0-7
ii libavcodec58 10:4.0.2-dmo1
ii libavformat58 10:4.0.2-dmo1
ii libavutil56 10:4.0.2-dmo1
ii libc6 2.27-5
ii libcairo-gobject2 1.16.0-1
ii libcairo2 1.16.0-1
ii libcups2 2.2.8-5
ii libdbus-1-3 1.12.10-1
ii libdrm2 2.4.89-1
ii libevent-2.1-6 2.1.8-stable-4
ii libexpat1 2.2.5-3
ii libflac8 1.3.2-1
ii libfontconfig1 2.13.1-2
ii libfreetype6 2.8.1-0.1
ii libgcc1 1:8.2.0-7
ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6
ii libglib2.0-0 2.58.1-2
ii libgtk-3-0 3.22.30-1
ii libharfbuzz0b 2.1.1-1+b1
ii libicu63 63.1-4
ii libjpeg62-turbo 1:1.5.2-2+b1
ii liblcms2-2 2.9-1
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.16-1+b1
ii libnss3 2:3.34-1
ii libopenjp2-7 2.3.0-1
ii libopus0 1.3~beta+20180518-1
ii libpango-1.0-0 1.42.4-3
ii libpangocairo-1.0-0 1.42.4-3
ii libpci3 1:3.5.2-1
ii libpng16-16 1.6.34-1
ii libpulse0 12.0-1
ii libre2-4 20180301+dfsg-1
ii libsnappy1v5 1.1.7-1
ii libstdc++6 8.2.0-7
ii libvpx5 1.7.0-3
ii libwebp6 0.6.1-2
ii libwebpdemux2 0.6.1-2
ii libwebpmux3 0.6.1-2
ii libx11-6 2:1.6.5-1
ii libx11-xcb1 2:1.6.4-3
ii libxcb1 1.13-2
ii libxcomposite1 1:0.4.4-2
ii libxcursor1 1:1.1.15-1
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxi6 2:1.7.9-1
ii libxml2 2.9.4+dfsg1-6.1+b1
ii libxrandr2 2:1.5.1-1
ii libxrender1 1:0.9.10-1
ii libxslt1.1 1.1.29-5
ii libxss1 1:1.2.2-1+b2
ii libxtst6 2:1.2.3-1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages chromium recommends:
ii chromium-sandbox 70.0.3538.102-1
Versions of packages chromium suggests:
pn chromium-driver <none>
pn chromium-l10n <none>
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii x11-utils 7.7+4
ii xdg-utils 1.1.2-1
Versions of packages chromium-common recommends:
ii chromium-sandbox 70.0.3538.102-1
ii dunst [notification-daemon] 1.2.0-2
ii fonts-liberation 1:1.07.4-8
ii libgl1-mesa-dri 17.3.1-1
pn libu2f-udev <none>
ii notification-daemon 3.20.0-2
ii upower 0.99.7-1
ii xfce4-notifyd [notification-daemon] 0.4.2-1
Versions of packages chromium-sandbox depends on:
ii libatomic1 8.2.0-7
ii libc6 2.27-5
ii libgcc1 1:8.2.0-7
ii libstdc++6 8.2.0-7
-- no debconf information
--- End Message ---
--- Begin Message ---
On Mon, Dec 31, 2018 at 7:09 PM Michael Gilbert wrote:
> I tried this both with and without safe browsing enabled in chromium
> 72. It always detected the site as insecure, the red Not Secure
> triangle, regardless of the safebrowsing setting. Maybe this was a
> temporary bug in version 70? Could you retest with a newer version?
>From everything I can tell, this works correctly in current versions.
Please feel free to reopen if it can be demonstrated otherwise.
Best wishes,
Mike
--- End Message ---
