New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 605386 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Apr 2016
Cc:
ya...@nightwatchcybersecurity.com
vakh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Safe Browsing: Consider Adding .MOV and .QT file types

Reported by resea...@nightwatchcybersecurity.com, Apr 21 2016 
Apple has recently ended support for QuickTime on Windows, even though active vulnerabilities exist. That means users are vulnerable until uninstall. Perhaps Chrome can consider adding the .MOV and .QT file types to safe browsing until a reasonable mass of users uninstalls. We verified that Chrome currently does not check these file types.

This is for Windows only, not Mac OS.

Info:
https://www.us-cert.gov/ncas/alerts/TA16-105A
http://zerodayinitiative.com/advisories/ZDI-16-241/
http://www.zerodayinitiative.com/advisories/ZDI-16-242/

There is no public exploit POC yet but would probably be out shortly.

Comment 1 by vakh@chromium.org, Apr 21 2016

Status: WontFix (was: Unconfirmed)
It is outside Chrome's threat model to know what application is registered to handle different filetypes, what version of that application is installed, and whether it is patched.

Comment 2 by infe...@chromium.org, Mar 9 2017

Cc: ya...@nightwatchcybersecurity.com

Comment 3 by vakh@chromium.org, Mar 10 2017

Labels: -Restrict-View-Google Restrict-View-SecurityTeam
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Project Member

Comment 4 by sheriffbot@chromium.org, Mar 11 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment