Re: Chrome 87.0.4280.88 - Serious Bug with HTTPS Forms

19 views
Skip to first unread message
Message has been deleted

Emily Stark

unread,
Dec 14, 2020, 12:47:40 PM12/14/20
to Jonathan Jaquez, security-dev
Hello,
We are currently investigating this and you can follow this bug for updates: https://bugs.chromium.org/p/chromium/issues/detail?id=1158169
If your server redirects the form submission to an insecure http:// URL, that may be the cause of the warning, so you might want to check that the entire request including any redirects is sent over https://.
Emily

On Mon, Dec 14, 2020 at 9:38 AM 'Jonathan Jaquez' via Security-dev <securi...@chromium.org> wrote:
Hi:

Chrome version 87.0.4280.88 is incorrectly reporting "The information you’re about to submit is not secure” on https://www.mageni.net/login but the website does not have mixed content as it is recommended on https://web.dev/fixing-mixed-content/. Please see attached screenshots. This is a serious bug which renders the browser useless with HTTPS forms. 

I created an account for testing purposes that you can use to verify the issue, the account is chrom...@mageni.net and the password is GoogleTesting@01 

This is only happening after the update of chrome to the version 87.0.4280.88 (https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html). Others browsers like Firefox and Safari are working flawlessly. 

Best,

Jonathan Jaquez
Mageni Security, LLC
White Plains, NY 10601

This email may be confidential or privileged. If you received this communication by mistake, don't forward it to anyone else, erase all copies and attachments, and let me know that it went to the wrong person. The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved. Although they have taken reasonable precautions to ensure no viruses are present in this email, it is not possible to prevent security breaches  and, for consequence, accept responsibility for any loss or damage arising from the use of this email, attachaments or computer products and services. There is no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing by all parties involved. I see no superior but Moshia Yeshua.


--
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.

Jonathan Jaquez

unread,
Dec 16, 2020, 12:03:56 AM12/16/20
to Emily Stark, security-dev
Hi Emily:

Thanks. The rollback solved this issue. 

Best, 

Jonathan Jaquez
Mageni Security, LLC
White Plains, NY 10601

This email may be confidential or privileged. If you received this communication by mistake, don't forward it to anyone else, erase all copies and attachments, and let me know that it went to the wrong person. The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved. Although they have taken reasonable precautions to ensure no viruses are present in this email, it is not possible to prevent security breaches  and, for consequence, accept responsibility for any loss or damage arising from the use of this email, attachaments or computer products and services. There is no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing by all parties involved. I see no superior but Moshia Yeshua.
<Screen Shot 2020-12-13 at 2.09.03 AM.png><Screen Shot 2020-12-13 at 2.05.27 AM.png>
Reply all
Reply to author
Forward
0 new messages