As of this morning, Chrome nightly build has started throwing up a rather ominous security interstitial warning about lookalike domain names when redirecting a user to our Auth0 app URL for login.
For context, our Auth0 app domain is something like “example-domain-dev.auth0.com” and Chrome is warning that it might be a spoof of “example-domain.com”. Again, this is only for the Chrome nightly build but would be very off-putting for users if it started showing up in production Chrome.
Screenshot of the warning screen is attached:
Have other people seen something similar? Is there a way to protect against this?