Download Protection: .SAVER files not checked on Mac OS
Reported by
resea...@nightwatchcybersecurity.com,
Apr 6 2016
|
||||||
Issue descriptionVERSION Chrome Version: 49.0.2623.87 Official Build Operating System: Mac OS X El Capitan, version 10.11.3 REPRODUCTION CASE .SAVER files on Mac OS are screen savers and are not currently checked by Chrome, like SCR files are on Windows. This is somewhat mitigated by Gatekeeper which stops users from installing non-App store files, but the same logic applies to .APP and .DMG files which are checked by Chrome. Example file: https://github.com/winterbe/github-matrix-screensaver/releases We can try to provide a patch if covered by Patch rewards
,
Apr 22 2016
We rechecked this - being that .SAVER is a directory and needs to be carried inside a ZIP file, this is not relevant for VRP. QTZ files open with QuickTime and a warning, also not relevant.
,
May 6 2016
,
May 27 2016
Thanks for filing this issue. As you mentioned, downloading the linked file causes the histogram at chrome://histograms/SBClientDownload.CheckDownloadStats to record this download, which makes this issue ineligible for Download Protection VRP.
,
Mar 9 2017
,
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
,
Mar 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by resea...@nightwatchcybersecurity.com
, Apr 6 2016