Download Protection: RAT files are not checked on Windows
Reported by resea...@nightwatchcybersecurity.com, Apr 5 2016
Issue description

VERSION
Chrome Version: 49.0.2623.110 (Official Build) m (32-bit)
Operating System: Windows 2012 R2; version 6.3.9600

REPRODUCTION CASE
RAT files carry PICS rules which would allow modification of IE's trusted zone settings. Currently Chrome will check these if they are under a .PRF extension but not .RAT. We can provide a patch if needed.

Sample file here: http://www.microdynconsulting.com/resources/files/noaccess.rat
Apr 6 2016
Apr 22 2016
Could you please share an example of a file that modifies IE's trusted zone settings as you describe? The file that you shared doesn't seem to do anything when double-clicked.
Apr 22 2016
We did some more digging and it looks like RAT / PRF files only modify the Internet ratings in IE, which would only affect users that have ratings turned on. It does not affect the trusted/untrusted zone.
Apr 23 2016
Downloading RAT/PRF files does not lead to download of executable files controlled by an attacker so this does not fall under the Download Protection VRP program.
Mar 9 2017
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Mar 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nparker@chromium.org, Apr 6 2016