New issue
Advanced search Search tips

Issue 765536 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 691948
Owner: ----
Closed: Sep 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: LuminPDF Security FLAW

Reported by kaneat...@gmail.com, Sep 15 2017

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Chrome application "LuminPDF" strips security setting from a secured PDF. For example if I upload and secured pdf in my GOOGLE DRIVE. I can view it using LuminPDF. If I chose to print to PDF, the pdf security settings are lost therefore it is now an unsecure PDF. This is very major issue being that a malicous person could either delete or alter digitally signed documents. Beeng in the military we rely on digital signatures very heavily.Google Drive is also heavily used and by LuminPDF being the default pdf viewer, this is a huge security issue.     

VERSION
CHROME LuminPDF



 
LuminPDF-Security.pdf
296 KB Download

Comment 1 by mea...@chromium.org, Sep 15 2017

Mergedinto: 691948
Status: Duplicate (was: Unconfirmed)
Hi, a similar bug was just reported earlier today ( bug 765508 ).

We do not consider this a security bug. You can see an explanation at https://bugs.chromium.org/p/chromium/issues/detail?id=691948#c1 and the next comment.

Thanks.
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 22 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment