Issue metadata
Security: Bypass Download Protection on Saving Page
Reported by
gregory....@gmail.com,
Jun 1 2016
Issue description

VULNERABILITY DETAILS
Malicious test binary [https://testsafebrowsing.appspot.com/s/content.exe] gets saved to disk when saving a webpage referencing the binary as a resource [e.g. image]. The filename of the page can be named in such a way to entice the user to view the contents of the saved "<pagename>_files" folder, and execute any contents within. This poses a security risk.

VERSION
Chrome Version: 51.0.2704.63 m (Stable)
Operating System: Windows (All)

REPRODUCTION CASE
1. Visit http://grpdmp.tk:27275/gchrome1/_FREE_DEMO.html
2. Save Page (Complete)
3. Malicious test file typically gets saved to "C:\Users\<username>\Downloads\_FREE_DEMO_files\content.exe"
4. The HTML file can be modified to prompt for content.exe download on reopening locally [which isn't blocked].
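A triage check for the behaviour reported above, as an added example that is not part of the original report or of Chromium's code: it walks a downloads directory and flags executables sitting inside "<pagename>_files" resource folders, by PE header as well as by extension. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions Windows runs on double-click (assumed list, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".lnk"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return f.read(4) == b"PE\0\0"

def scan_saved_pages(root):
    """Return sorted (relative_path, reason) for executables in *_files folders."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        # Only files that sit inside a "<pagename>_files" resource folder.
        if not path.is_file() or not any(p.endswith("_files") for p in rel.parts[:-1]):
            continue
        if is_pe(path):
            findings.append((rel.as_posix(), "PE header"))
        elif path.suffix.lower() in RISKY_EXT:
            findings.append((rel.as_posix(), "risky extension"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample: a saved page whose resource folder holds PE stubs."""
    root = Path(root)
    res = root / "_FREE_DEMO_files"
    res.mkdir()
    (root / "_FREE_DEMO.html").write_text('<img src="_FREE_DEMO_files/content.exe">')
    (res / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 64)
    stub = bytearray(0x44)                       # minimal header, not a runnable binary
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\0\0"
    (res / "content.exe").write_bytes(bytes(stub))
    (res / "banner.jpg").write_bytes(bytes(stub))  # PE renamed to an image extension
    (res / "run.bat").write_text("rem constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for rel, reason in scan_saved_pages(d):
            print(f"{rel}: {reason}")
```

Pointing `scan_saved_pages` at a real downloads directory gives the same report; the header check catches a binary saved under an image extension, which an extension filter alone would miss.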
Jun 2 2016
Thanks for reporting gregory.panakkai@! We are fully aware of this problem and working on a fix. Mark as duplicate.
Sep 9 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by f...@chromium.org, Jun 2 2016
Components: UI>Browser>SafeBrowsing
Status: Available (was: Unconfirmed)