"Dangerous site" message in Chrome

[chelming]

Anyone else getting a dangerous site warning in Chrome on a public instance? Cert is valid and the google transparency report shows as ok. This only happens in one of my profiles and it's fine in Firefox. The domain the instance is vault.my.domain

[BlackDex]

You probably have Bitwarden in your (sub-)domain which triggers Google's security. You probably also have your domain/dns configured via Google i think.

[chelming]

Using duckdns and a subdomain of vault.mydomain.duckdns.org

[BlackDex]

Might be duckdns then which triggers it?
In any case, it's not something we can fix i think

[chelming]

haha, that's why I made it a discussion and not an issue. Wasn't sure if anyone else experienced it and knew what triggered/how to fix 😄

[cwesterfield]

I found out today using send that I also have this issue. I use https://bw.domain.us.

I sent a report to https://safebrowsing.google.com/safebrowsing/report_error/?hl=en, but I'm not sure anything will change.

[Sleavely]

I just spun up Vaultwarden behind a lucaslorentz/caddy-docker-proxy with Lets Encrypt which runs several other subdomains just fine so it feels like either they dislike vault or there's something about the contents of the page that makes Google think it's phishing. I noticed in the footer Bitwarden is mentioned several times, which feels like something that'd trip up alarms. Interestingly, I don't seem to get the warning in Incognito mode.

[Jeelox]

I have the exact same problem. Did you find something? I'm trying with another subdomain, just in case.
I tried to report an incorrect warning: https://safebrowsing.google.com/safebrowsing/report_error/?hl=en
I'll keep you in touch if that's working.

[Sleavely]

I reported mine as a false positive as well, and now that I navigated to the vault I don't get the warning anymore. I guess they just whitelist the specific domain when you report it?

[H4rryK4ne]

I, or actually my father in law, encounter the same issue.

On his phone with Android 8.1, Chrome warns about my vaultwarden URL. Other subdomains (e.g. home-assistant.my-domain.duckdns.org) are working without warning. Vaultwarden and home-assistant are both running as docker container on a Synology disk station.

On other phones (with Android 12, 13, or 14) I never have seen such a warning.

Additionally, on the Android 8 phone I can not setup the bitwarden app ("exception message: Connection failure").

Disabling Safe Browsing in chrome brings me to the site. Unfortunately it does not help connecting the app. I assume that a similar issue prevents the app connecting to my site.