Security: RAR archive parsing issue in Guest mode on ChromeOS
Reported by resea...@nightwatchcybersecurity.com, Mar 20 2016
Issue description

(Split off from #595558 as requested)

VULNERABILITY DETAILS
Because of bug # 579035, we observed that double clicking on a file inside the RAR file does not properly encode the name of the file when opening in Chrome, specifically in the address bar. We are attaching a test RAR file and a screenshot.

VERSION
Chrome Version: 49.0.2623.95 (Official Build) (64-bit)
Operating System: ChromeOS 7834.60.0 (= Official Build) stable-channel parrot

REPRODUCTION CASE
Open the RAR file to mount it. Double click the non-English PDF file inside and observe the name un-encoded in Chrome.

File originally came from: http://www.mesherasrub.ru/Kak_postroit_selskii_dom.rar
,
Mar 22 2016
I took a quick look at this file and the file format looks broken. How did you create the archive? Could you provide exact steps? Thanks.
,
Mar 23 2016
Non-English filenames, same as https://bugs.chromium.org/p/chromium/issues/detail?id=579035
,
Mar 25 2016
I'm not sure this is a security bug, rather than just a functional bug in the rar extractor. research@ can you describe how an attacker might use this vulnerability to do anything malicious to users other than show an invalid filename?
,
Mar 27 2016
,
Mar 27 2016
flipping to a functional bug
,
Mar 9 2017
,
Dec 8 2017
,
Dec 8 2017
,
Feb 2 2018
yamaguchi@ - With the updates you are making for zip, is this still an issue?
,
Feb 3 2018
The update for Zip Archiver does not affect handling of .rar files. Therefore this will still be an issue.
,
Feb 6 2018
Issue 579035 has been merged into this issue.
,
Feb 16 2018
<files-triage>
,
Feb 28 2018
,
Mar 9 2018
,
Mar 9 2018
This is not on zip files, but labeled as CrOSFilesFeature-Zip as it's related to features for archive files. Punted to M-67 due to Pri-3.
,
Mar 28 2018
Comment 1 by mea...@chromium.org, Mar 21 2016
Labels: OS-Chrome
Owner: mtomasz@chromium.org
Status: Assigned (was: Unconfirmed)