New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 693931 link

Starred by 1 user
Status: WontFix
Owner:
nparker@chromium.org
Closed: Feb 2017
Cc:
zbutler@chromium.org
vakh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Chrome "font wasn't found" social engineering hack w/ unflagged download

Reported by mqu...@neosmart.net, Feb 18 2017 
VERSION
Chrome Version: 56
Operating System: Windows 10

REPRODUCTION CASE

Please forgive me if this is not the correct venue for this, but I just wanted to report a new Chrome-centric social engineering vulnerability that is making its rounds on vulnerable WordPress sites as a JavaScript infection prompting users to update Chrome. The binary payload is not marked as malware by Chrome or Microsoft Windows, though it is tagged as "not commonly downloaded"

A full synopsis of the social engineering scam can be found here:
https://neosmart.net/blog/2017/beware-of-this-new-chrome-font-wasnt-found-hack/

The binary payload has been attached to this report.
Chrome Font v7.51.exe
76.0 KB Download

Comment 1 by nparker@chromium.org, Feb 18 2017

Owner: nparker@chromium.org
Status: WontFix (was: Unconfirmed)
Thanks for the report.  We have seen these font.exe attacks before, and Safe Browsing is flagging some of them.  FYI this isn't eligible for the VRP since it is checking with SB (since it shows the Uncommon warning).

Comment 2 by nparker@chromium.org, Feb 18 2017

Cc: zbutler@chromium.org

Comment 3 by mqu...@neosmart.net, Feb 19 2017 

Thank you.

Comment 4 by vakh@chromium.org, Mar 10 2017

Labels: -Restrict-View-Google Restrict-View-SecurityTeam
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Project Member

Comment 5 by sheriffbot@chromium.org, May 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment