Issue 694690 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Feb 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security

Security: Launching blocked application by renaming them to .exe

Reported by frankb...@gmail.com, Feb 21 2017

Issue description

VULNERABILITY DETAILS
Blocking dangerous files can be easily bypassed

VERSION
Chrome Version: Version 56.0.2924.87 (64-bit) Stable
Operating System: [Win 7 ultimate x64, service pack 1]

REPRODUCTION CASE
After downloading NetBeans from this link : http://netbeans.org/downloads,
I had a message in the download bar saying it was dangerous with only a discard button. I opened the download folder, renamed the temporary download file from *.crdownload to *.exe and could launch it

Comment 1 by kerrnel@chromium.org, Feb 21 2017

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

If the user consciously renames the file in the OS file manager and launches it, I do not consider that to be a bug in Chrome, unless there is a way to remotely trigger the bypass.

►

Issue 694690 link

Issue metadata

Security: Launching blocked application by renaming them to .exe

Issue description

Comment 1 by kerrnel@chromium.org, Feb 21 2017

Comment 1 Deleted

Sign in to add a comment