Download protection bypass
Reported by osmanstp...@gmail.com, Dec 5 2016
Issue description

This template is ONLY for reporting Download Protection Bypass bugs within Chrome and is not for requesting a review of sites or binaries identified as malicious.

VERSION
Google Chrome 54.0.2840.99 (Official Build) m (32-bit)
Operating System: Windows 10

REPRODUCTION CASE
Downloader extension allows the malware test file (malware example, UwS example) to be downloaded. Without the extension--Google Chrome automatically blocks the file saying it is harmful, but with the extension--the file simply goes straight to downloads folder where a user can easily run it. The extension does give the person an option to keep or discard. Hopefully this qualifies for the download bypass reward because the 2 sample Malicious test .exe's both ended up in downloads folder. An extension can be made where it will auto download it and won't prompt anything.
Dec 5 2016
Dec 6 2016
Dec 16 2016
Dec 21 2016
WAI Based on your screenshot Capture.PNG, the confirm download dialog did show up with appropriate warning text "content.exe is malicious, and chrome has blocked it."
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Mar 30 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nparker@chromium.org, Dec 5 2016