Issue 698286

Issue metadata

Status: Duplicate
Owner: ----
Closed: Mar 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Download Spoof

Reported by samuels...@gmail.com, Mar 3 2017

Issue description


VULNERABILITY DETAILS

When the download prompt is called, it stays on top of the browser, making it easy to fool the client. The attacker can request a download and then open a link.

VERSION
Chrome Version: 56.0.2924.87 (64-bit) stable
Operating System: [Windows 10, Home single language, and more recent service pack]

REPRODUCTION CASE
Open site: https://save-acab.rhcloud.com to simulate, or download the file

Solution: Open the download prompt in the tabs of sites individually with your domain



 
Attachments:
index.html (390 bytes)
Rec#01.avi (4.2 MB)

Mergedinto: 121259
Status: Duplicate (was: Unconfirmed)
This is Issue 121259
Labels: -Restrict-View-SecurityTeam allpublic
