
Issue 607278


Issue metadata

Status: WontFix
Owner:
Closed: Apr 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Security




PDF open redirect

Reported by s.h.h.n....@gmail.com, Apr 27 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Steps to reproduce the problem:
1. Go to https://drive.google.com/open?id=0BwcxJ-y2ilTwOXIxRDJaZjVGRXM
2. Click on print icon
3. Redirects to 14.rs

What is the expected behavior?
Print screen

What went wrong?
Maybe there's nothing wrong. Open Redirect is a feature of PDF and not a bug, right? I wanted to make sure because I've submitted a bug to a bug bounty where they responded that this is a bug in Chrome.

Did this work before? N/A 

Chrome version: 49.0.2623.112  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 21.0 r0
 

Comment 1 by rsesek@chromium.org, Apr 27 2016

Components: Internals>Plugins>PDF
Labels: -OS-Windows OS-All
Owner: tsepez@chromium.org
Status: Assigned (was: Unconfirmed)
Thanks for the report. I can reproduce on Mac as well.

What I think is happening is that when you click on Print in drive, it opens the raw PDF, which Chrome renders via its PDF plugin, and when that loads, it executes the redirect.

I don't think there are security implications here, but ->tsepez for sure.

Comment 2 by tsepez@chromium.org, Apr 28 2016

Cc: tsepez@chromium.org
Owner: thestig@chromium.org
I think this is "working as designed", but we may want to do better. Lei?
Well, Drive can do better by processing the PDF that's made for printing to not have redirects.

How is a PDF redirecting the URL any different from a web page that does the same? I don't see what the problem is.

Comment 4 by rsesek@chromium.org, Apr 28 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Assigned)
The consensus seems to be that this is working as designed for Chrome, so closing as WontFix.

Reporter: Do you have a ticket number for your initial report to Google? We can follow up with the Drive team.
Hi,
Thank you for the confirmation. The bug I reported was not to Google. As you know, Google does not consider open redirect a vulnerability.

Comment 6 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
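
Comment 1 describes the raw PDF executing a redirect when it loads, and a later reply suggests the hosting service could process the PDF so it carries no redirects. The following is an added example, not code from this thread, Chromium or Drive: a heuristic check a service could run on an uploaded PDF before serving it raw. It assumes the redirect is carried by an `/OpenAction` or `/AA` entry together with a navigation or script action type (the thread does not say which mechanism the reported file used); the sample byte strings and `.example` hosts are constructed.

```python
import re

# Heuristic byte-level scan (assumption: actions are not hidden inside
# compressed object streams). A hit is meaningful; a miss is not proof
# that the file is inert.
NAME = rb"/([^\s()<>\[\]{}/%]+)"
PAIR = re.compile(NAME + rb"(?=\s*" + NAME + rb")")  # a name directly followed by a name
AUTO_TRIGGERS = {b"OpenAction", b"AA"}               # fire without a click inside the document
RISKY_ACTIONS = {b"URI", b"JavaScript", b"Launch", b"GoToR", b"SubmitForm"}


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /#4fpenAction is recognised as OpenAction."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    names = {decode_name(n) for n in re.findall(NAME, data)}
    triggers = sorted(n.decode() for n in names & AUTO_TRIGGERS)
    # Action dictionaries declare their type as "/S /<ActionType>".
    actions = sorted({decode_name(m.group(2)).decode() for m in PAIR.finditer(data)
                      if decode_name(m.group(1)) == b"S"
                      and decode_name(m.group(2)) in RISKY_ACTIONS})
    # Only simple literal-string targets are extracted, for the report.
    targets = [t.decode("latin-1") for t in re.findall(rb"/URI\s*\(([^)]*)\)", data)]
    return {"triggers": triggers, "actions": actions, "uri_targets": targets,
            "auto_navigation": bool(triggers and actions)}


# Constructed samples: fragments, not complete PDF files.
SAMPLE_REDIRECT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R\n"
                   b"   /#4fpenAction << /Type /Action /S /URI"
                   b" /URI (https://redirect.example/) >> >>\nendobj\n")
SAMPLE_LINK = (b"%PDF-1.4\n5 0 obj\n<< /Type /Annot /Subtype /Link\n"
               b"   /A << /S /URI /URI (https://site.example/) >> >>\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in [("redirect", SAMPLE_REDIRECT), ("link", SAMPLE_LINK),
                        ("clean", SAMPLE_CLEAN)]:
        print(label, scan_pdf(blob))
```

A file flagged with `auto_navigation` can be re-rendered or served with `Content-Disposition: attachment` instead of being opened inline; an ordinary click-through link annotation, as in the second sample, is reported but not flagged.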
