Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #19 by [EMAIL PROTECTED]:
Verified in the official build 153.1
Issue attribute updates:
Status: Verified
--
You received this message because you are listed in the owner
or
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #18 by [EMAIL PROTECTED]:
This is fixed in 149.30
Issue attribute updates:
Status: Fixed
--
You received this message because you are listed in the owner
or CC fields of thi
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #17 by sebdotv:
Should be fixed in 0.2.149.30 according to changelog.
http://google-chrome-changelogs.blogspot.com/
--
You received this message because you are listed in the owner
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #16 by [EMAIL PROTECTED]:
But if you're using in-URL HTTP auth to get to an embedded device (e.g.
router on LAN),
that would be a URL like http://admin:[EMAIL PROTECTED] .
Even if Go
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #15 by [EMAIL PROTECTED]:
Http auth isn't as rare as you'd think. Many embedded devices use the
mechanism and
many of us who manage those devices use the http://username:[EMAIL PROTE
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #14 by den.molib:
The hostname is only leaked to the local DNS server and the routers in the
path.
Given an issue like the recent DNS vulnerability, the suggestion service
can be an
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #13 by den.molib:
> And yes, https:/// alone is already "leaked" by making a TCP
connection to
> the host, so we're not really exposing any data with that alone.
It is only 'leaked' t
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #12 by [EMAIL PROTECTED]:
The same comment came up elsewhere. I don't think it's worth blocking
this, mostly
because I basically never see people actually doing user:pass HTTP auth
Issue 1647: Suggestions attempted for SSL sites
http://code.google.com/p/chromium/issues/detail?id=1647
Comment #11 by [EMAIL PROTECTED]:
That sounds like a good play. One case to be careful of is
foo:blah
because this might be the user typing "http://username:[EMAIL PROTECTED]/".
This migh