Security: executable been initialized from suspicious site
Reported by s...@firsov.net, Aug 21 2017
Issue description

VULNERABILITY DETAILS
Yesterday a potential breach happened on livejournal.com from one of the author's discussion pages. Upon opening the discussion page from the author's timeline in the Chrome browser, the PC fan started intense cooling, and a few seconds later some kind of executable was trapped by the antivirus with a "suspicious" message several times in a row. To me it looks like the Chrome browser was compromised and activated or created malware executables. I was not able to close the browser in the usual way by the tab or the "X" system menu and needed to use the Windows 10 Task Manager to kill the whole process. Then the high CPU utilization was gone afterwards. Just in case, the PC has been rebooted. The source of the high CPU use is still unknown; the antivirus was not able to detect it.

VERSION
Chrome Version: 60.0.3112.101 (Official Build) (64-bit)
Operating System: Windows 10 Enterprise, up to date.

REPRODUCTION CASE
It will require visiting the malicious site, which is a security concern.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: browser frozen, suspicious executable is blocked by antivirus several times.
Crash State: N/A
Client ID (if relevant): [see link above]

PS. The email template has a wrong URL for security-faq.
Aug 21 2017
It does not seem like Issue 394296, where no download happened. In this case the executable was run from the browser without a user prompt. Here is a snippet from the history right before the crash:

9:28 PM http://artemdragunov.livejournal.com/5025587.html#/comments
9:28 PM http://artemdragunov.livejournal.com/5025587.html#%2Fcomments
9:28 PM http://artemdragunov.livejournal.com/5025587.html#comments
9:27 PM http://artemdragunov.livejournal.com/

I am working with the Cylance antivirus team to obtain the log. At the moment c:\windows\system32\werfault.exe is shown as blocked by CylancePROTECT antivirus.
Aug 21 2017
Not sure whether it will be helpful; from the Microsoft site: "Werfault.exe is used for Windows Error Reporting. It is a feature that allows Microsoft to track and address errors relating to the operating system, Windows features, and applications. It gives you the option to send data about errors to Microsoft and to receive information about solutions."

In this case Werfault.exe was not downloaded but is a part of the Windows installation and is meant to troubleshoot the frozen program. Most likely the antivirus is not aware of such OS behavior. The issue seems to be a duplicate of Issue 394296.
Nov 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Aug 21 2017
Status: WontFix (was: Unconfirmed)