<![CDATA[Opera and Unicode domains PSA]]>So, I just saw this on another website. Apparently, there's a unicode phishing bug that's exploitable in multiple browsers. The linked article specifically mentions Chrome and Firefox, but Opera is also affected (obviously, as it uses the Chrome engine), as well as classic Opera v12 and a couple other browsers (ironically, Edge was not affected, but I still would never recommend it). It relies on using unicode characters in the domain, which the browser converts to appear as a different domain name. Add an SSL cert, and it's possible to make a phishing site appear to be completely legit, unless you actually check the SSL cert manually.

https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

]]>https://forums.opera.com/topic/20267/opera-and-unicode-domains-psaRSS for NodeFri, 10 Apr 2026 23:49:46 GMTSun, 16 Apr 2017 19:12:16 GMT60<![CDATA[Reply to Opera and Unicode domains PSA on Tue, 18 Apr 2017 01:18:55 GMT]]>

https://tech.slashdot.org/story/17/04/17/1329200/chrome-59-to-address-punycode-phishing-attack
Of course, when Chrome releases their update Opera will get it automatically.

True, and I intended to mention that in my post, but forgot (thanks for catching that for me). My intent was simply to alert people to the phishing bug, so they can be aware of it.

]]>https://forums.opera.com/post/119003https://forums.opera.com/post/119003Tue, 18 Apr 2017 01:18:55 GMT<![CDATA[Reply to Opera and Unicode domains PSA on Mon, 17 Apr 2017 16:57:58 GMT]]>https://tech.slashdot.org/story/17/04/17/1329200/chrome-59-to-address-punycode-phishing-attack

Of course, when Chrome releases their update Opera will get it automatically.

]]>https://forums.opera.com/post/118989https://forums.opera.com/post/118989Mon, 17 Apr 2017 16:57:58 GMT<![CDATA[Reply to Opera and Unicode domains PSA on Sun, 16 Apr 2017 19:18:29 GMT]]>Just wanted to add, that I tested the bug on an earlier build of Opera (10.54), and while it still displayed the incorrect domain, the "Secure" icon in the address bar did list the actual correct domain name.

Unicode Bug

]]>https://forums.opera.com/post/118940https://forums.opera.com/post/118940Sun, 16 Apr 2017 19:18:29 GMT