
Issue 600597

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug




Download Protection: QDS files not checked on Windows

Reported by resea...@nightwatchcybersecurity.com, Apr 5 2016

Issue description

VERSION
Chrome Version: 49.0.2623.110 (Official Build) m (32-bit)
Operating System: Windows 2012 R2; version 6.3.9600

REPRODUCTION CASE
QDS files are saved Active Directory queries. If SEARCH-MS extensions are checked, this should be checked too.

More info on QDS:
https://technet.microsoft.com/en-us/library/bb457104.aspx
https://gallery.technet.microsoft.com/scriptcenter/How-to-generate-a-QDS-05fe4ff5
 
Labels: -Restrict-View-SecurityTeam Restrict-View-Google
Owner: ----

Comment 3 by vakh@chromium.org, Apr 20 2016

Status: Unconfirmed (was: New)
Thanks for the bug report. The .search-ms filetypes are allowed to be downloaded, just not auto-executed.

Also, .qds or .search-ms files do not lead to execution of code controlled by the attacker so it does not qualify for Download Protection VRP.

If you believe that the download of .qds or .search-ms files can lead to execution of code controlled by a malicious attacker, please share a step-by-step list of steps for us to be able to reproduce the problem. Thanks.

Comment 4 by vakh@chromium.org, Apr 21 2016

Status: WontFix (was: Unconfirmed)
Cc: ya...@nightwatchcybersecurity.com

Comment 6 by vakh@chromium.org, Mar 10 2017

Labels: -Restrict-View-Google Restrict-View-SecurityTeam
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.

Comment 7 by sheriffbot@chromium.org, Mar 11 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
