Download Protection: QDS files not checked on Windows
Reported by
resea...@nightwatchcybersecurity.com,
Apr 5 2016
|
|||||||
Issue descriptionVERSION Chrome Version: 49.0.2623.110 (Official Build) m (32-bit) Operating System: Windows 2012 R2; version 6.3.9600 REPRODUCTION CASE QDS files are saved ActiveDirectory queries. If SEARCH-MS extensions are checked, this should be checked too. More info on QDS: https://technet.microsoft.com/en-us/library/bb457104.aspx https://gallery.technet.microsoft.com/scriptcenter/How-to-generate-a-QDS-05fe4ff5
,
Apr 6 2016
,
Apr 20 2016
Thanks for the bug report. The .search-ms filetypes are allowed to be downloaded, just not auto-executed. Also, .qds or .search-ms files do not lead to execution of code controlled by the attacker so it does not qualify for Download Protection VRP. If you believe that the download of .qds or .search-ms files can lead to execution of code controlled by a malicious attacker, please share a step-by-step list of steps for us to be able to reproduce the problem. Thanks.
,
Apr 21 2016
,
Mar 9 2017
,
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
,
Mar 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by nparker@chromium.org
, Apr 6 2016