Did you test the browser on http.badssl?

[polonus]

Go to http://http.badssl.com/ to check against an insecure http connection.
Did you get a warning, did your screen turn red?
Ctrl + Shift+I turns up (depending on used extensions)

content.js:8 injected: env: missing script "b58e8ca5-b67c-40d3-8bd8-f3e91755d09b"!
Mt @ content.js:8
content.js:8 injected: env: missing script "ec95684d-0a32-44d9-a26c-65e86e70be75"!
Mt @ content.js:8
content.js:8 injected: env: missing script "328997de-9077-4f9f-9193-2f92e2fe7679"!
Mt @ content.js:8
3http.badssl.com/:1 Uncaught (in promise) Error: The message port closed before a response was received.
DevTools failed to load source map: Could not load content for chrome-extension://kbbidhfplpegemhlbcfboalcjdmgebap/public_static/3sm/jquery.min.map: System error: net::ERR_BLOCKED_BY_CLIENT
DevTools failed to load source map: Could not load content for chrome-extension://iidnbdjijdkbmajdffnidomddglmieko/sourceMap/detect-editors.js.map: System error: net::ERR_BLOCKED_BY_CLIENT

polonus

[Ruslan S.]

Hello
there is a page where you can report a malicious Website if you think that this page should be detected as dangerous
https://www.avast.com/en-gb/report-malicious-file.php

[midnight]

Yes, and my screen was red

[polonus]

This is a normal testsite since 2019 and not malicious. It is supposed to alert.

See: https://www.virustotal.com/gui/url/f1340801cee5059e0540653761028e253b286ca4a699ff51a932f79502e778a4?nocache=1
and https://zulu.zscaler.com/submission/d5b21d59-9bb2-4da1-b86c-9217f7116fd6

See: https://www.shodan.io/search?query=badssl.com%2F
HTTP GET on resource 'https://self-signed.badssl.com:443/' failed: PKIX path validation failed: sun.security.validator.ValidatorException

polonus

[ondrejz]

Hi polonus,

I see the red page. The same result in Chrome and Brave.
We report the site as "Not secure" in the omnibox with exclamation mark. We use the same way of indication as used in other chromium based browsers.

What kind of warning would you expect?

Thanks