New issue
Advanced search Search tips

Issue 688434 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 680202
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Chrome Auto Opens PDF files regardless of settings.

Reported by dark_syl...@yahoo.com.ar, Feb 3 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. Use the Linux version
2. Disable the Chrome PDF viewer in Settings -> Content Settings -> "Open PDF files in the default viewer application"
3. Ensure "Ask where to save file before downloading" is ticked.
4. Ensure you click "Clea auto-opening settings"
5. Go to any website and click on a PDF link

What is the expected behavior?
Chrome should ask me where to download the file and save it there

What went wrong?
Chrome automatically downloads the files and OPENS it. This is a MASSIVE SECURITY HOLE if the link is malicious.

If I right click "Save link as..." then I'm allowed to chose where to download the file, but it will still open it after it's done.

Did this work before? Yes Chrome 54 or 55 I think

Chrome version: 56.0.2924.87  Channel: stable
OS Version: 16.04
Flash Version: Shockwave Flash 24.0 r0

 
Owner: pastarmovj@chromium.org
Status: Assigned (was: Unconfirmed)
Dup?
To the best of my knowledge there is no ticket open with the same issue (I can't see other security tickets). This is also very recent. I updated today and started having this problem.

I figured either a lot of people use the internal viewer, or they thought they accidentally click auto-open this type from now on, or they just don't have the time to log this issue.
My mistake. After changing my keywords I was able to find a dup: 680202
Seems to be the same ticket.
Mergedinto: 680202
Status: Duplicate (was: Assigned)

Comment 5 by vakh@chromium.org, Mar 10 2017

Labels: -Restrict-View-Google Restrict-View-SecurityTeam
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Project Member

Comment 6 by sheriffbot@chromium.org, May 13 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment