De-prioritize 2.23.140.1.1 when searching for EV policy.

net/cert/cert_verify_proc_mac.cc

Index: net/cert/cert_verify_proc_mac.cc
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
index f31e4023b195faf719dd72be9414c052f9dcce6a..73685697ea2ba9d3eea0aea2ebead02b7b55cb78 100644
--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -338,7 +338,11 @@ void GetCandidateEVPolicy(const X509Certificate* cert_input,
   for (const der::Input& policy_oid : policies) {
     if (metadata->IsEVPolicyOID(policy_oid)) {
       *ev_policy_oid = policy_oid.AsString();
-      return;
+
+      // De-prioritize the CA/Browser forum Extended Validation policy
+      // (2.23.140.1.1). See crbug.com/705285.
+      if (!EVRootCAMetadata::IsCaBrowserForumEvOid(policy_oid))
+        break;
     }
   }
 }