New issue
Advanced search Search tips

Issue 694690 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Launching blocked application by renaming them to .exe

Reported by frankb...@gmail.com, Feb 21 2017

Issue description

VULNERABILITY DETAILS
Blocking dangerous files can be easily bypassed

VERSION
Chrome Version: Version 56.0.2924.87 (64-bit) Stable
Operating System: [Win 7 ultimate x64, service pack 1]

REPRODUCTION CASE
After downloading NetBeans from this link : http://netbeans.org/downloads,
I had a message in the download bar saying it was dangerous with only a discard button. I opened the download folder, renamed the temporary download file from *.crdownload to *.exe and could launch it
 
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
If the user consciously renames the file in the OS file manager and launches it, I do not consider that to be a bug in Chrome, unless there is a way to remotely trigger the bypass.

Sign in to add a comment