Issue 698286 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	----
Closed:	Mar 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Download Spoof

Reported by samuels...@gmail.com, Mar 3 2017

Issue description


VULNERABILITY DETAILS

When the download prompt is called it stays on top of the browser making it easy to fool the client, the attacker can request a download and then open a link

VERSION
Chrome Version: 56.0.2924.87 (64-bit) stable
Operating System: [Windows 10, Home single language, and more recent service pack]

REPRODUCTION CASE
Open site: https://save-acab.rhcloud.com for simulate or download file

Solution: Open the download prompt in the tabs of sites individually with your domain

index.html
390 bytes View Download

Rec#01.avi
4.2 MB Download

Comment 1 by elawrence@chromium.org, Mar 3 2017

Mergedinto: 121259
Status: Duplicate (was: Unconfirmed)

This is Issue 121259

Comment 2 by elawrence@chromium.org, Mar 3 2017

Labels: -Restrict-View-SecurityTeam allpublic

►

Issue 698286 link

Issue metadata

Security: Download Spoof

Issue description

Comment 1 by elawrence@chromium.org, Mar 3 2017

Comment 1 Deleted

Comment 2 by elawrence@chromium.org, Mar 3 2017

Comment 2 Deleted

Sign in to add a comment