Chrome Canary posting lookalike security error when redirecting to Auth0 app domain

As of this morning, the Chrome nightly build has started throwing up a rather ominous security interstitial warning about lookalike domain names when redirecting a user to our Auth0 app URL for login.

For context, our Auth0 app domain is something like “example-domain-dev.auth0.com” and Chrome is warning that it might be a spoof of “example-domain.com”. Again, this is only for the Chrome nightly build but would be very off-putting for users if it started showing up in production Chrome.

Screenshot of the warning screen is attached:

Have other people seen something similar? Is there a way to protect against this?

We just came across this issue as well. Could someone @auth0 give us some hints on how to avoid this?