Security bug in download protection bypass: RTF
Reported by security...@ironsrc.com, Apr 11 2016
Issue description

This template is ONLY for reporting Download Protection Bypass bugs within Chrome and is not for requesting a review of sites or binaries identified as malicious.

VERSION
Chrome Version: 49.0.2623.110 + stable
Operating System: Windows 7 SP1 and above

REPRODUCTION CASE
Please include a demonstration of the Download Protection / Safe Browsing bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug.

Attaching the demo as link: http://52.37.211.136/Demo/6915/try-me.html
Apr 11 2016
This issue demonstrates the downloading of an RTF file, which isn't a binary file that can be executed by the user.

According to the rewards program, the requirement is: "Landing a blacklisted binary (malware example, UwS example) on disk where a typical user could execute it, on Mac or Windows. The file type on disk must lead to non-sandboxed code execution after minimal user interaction with the file."

Therefore, this bug does not qualify for the reward program.

Also, there's another tracking bug for downloads through using Flash, for those who have access to it: https://bugs.chromium.org/p/chromium/issues/detail?id=533579
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Mar 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vakh@chromium.org, Apr 11 2016