VULNERABILITY DETAILS
Without entering security password, the chrome browser is converting and saving the password protected pdf file as clear file. 

DESCRIPTION
In PDF, "password Security" is a method to handle document restriction( The edition and conversion to Micorsoft Word ) 
The Acrobat editor and most kind of PDF editors requires this "security password" to edit and convert the doc to MS word.

Using chrome browser when opening and saving such password protected pdf file as a new pdf file, browser is silently ignoring the "Security properties" of the document. The newly created file will be a password clear fully authorized PDF file.


REPRODUCTION CASE
1. Open any password protected file in chrome browser.
2. press Ctrl + P to print the file 
3. Now change the destination as "Save as PDF"
4. Click on Save button and give valid file name and directory path
5. Now open and observe the properties of the newly saved pdf file.

OBSERVATION:
The Security properties of the PDF file is lost without feeding the master password, only a clear PDF file is stored on the new location.
This is leading anybody to modify the secured PDF file by the way they required without password.

VERSION
Chrome Version: [58.0.3029.110]
Operating System: [not OS dependent]


 

Deleted: Files.rar 58.3 KB

Files.rar 58.3 KB Download

Deleted: ScreenRecording.rar 13.8 MB

ScreenRecording.rar 13.8 MB Download