Download Protection Bypass: .torrent files can be modified to bypass Full Ping
Reported by
bjornbjo...@gmail.com,
Sep 21 2017
|
||||||||||||||||||||||||||||||
Issue descriptionVERSION Chromium Version: 60.0.3112.113 (Developer Build) 64-bit Operating System: Ubuntu 16.04.3 LTS 64-bit REPRODUCTION CASE a Full Ping of a .torrent file can be avoided by renaming the filename extension to .btapp, .btinstall, .btkey, .btsearch or btskin, e.g. x.torrent -> x.btapp. transmission(default Ubuntu torrent program) opens the renamed files as .torrent files. Chromium does not check this filename extensions. im attaching my test files.
,
Sep 21 2017
,
Oct 3 2017
I'm focusing on some other work at the moment but I'll come back to this on or before 10/12. Sorry for the delay here.
,
Oct 12 2017
,
Oct 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8add59a69da35f2cc0c3585fa44cac696a3d003c commit 8add59a69da35f2cc0c3585fa44cac696a3d003c Author: Nathan Parker <nparker@chromium.org> Date: Fri Oct 27 23:07:31 2017 Add a number of new download_file_types, and some enums we were missing. Add btapp, btbtskin, btkey, btinstasll, btsearch, dhtml, dhtm, dht, shtml, shtm, sht, vdx, vsx, vtx, vsdx, vssx, vstx, vsdm, vssm, vstm. Fix up enums that weren't correct before, an remove some platform_settings that are set to the defaults anyway. Bug: 771469 , 767502 , 762702 Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation Change-Id: I4114c35e3f1a56a067f9b61bb54bfe3a8a801531 Reviewed-on: https://chromium-review.googlesource.com/736161 Commit-Queue: Nathan Parker <nparker@chromium.org> Reviewed-by: Luke Z <lpz@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: David Trainor <dtrainor@chromium.org> Cr-Commit-Position: refs/heads/master@{#512338} [modify] https://crrev.com/8add59a69da35f2cc0c3585fa44cac696a3d003c/chrome/browser/resources/safe_browsing/download_file_types.asciipb [modify] https://crrev.com/8add59a69da35f2cc0c3585fa44cac696a3d003c/content/browser/download/download_stats.cc [modify] https://crrev.com/8add59a69da35f2cc0c3585fa44cac696a3d003c/tools/metrics/histograms/enums.xml
,
Nov 1 2017
Pushed via component update.
,
Nov 2 2017
,
Nov 17 2017
i was wondering if this bug qualifies for the Chrome Reward Program?
,
Feb 8 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 8 2018
Re #c8: Unfortunately reporting file extensions that we don't send the ping for does not qualify for a VRP reward under the rules of the VRP program: From https://www.google.com/about/appsecurity/chrome-rewards/index.html "The extension of the binary file must be one of those that Chrome already tracks. This list can be found here: download_file_types.asciipb" |
||||||||||||||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||||||||||||||
Comment 1 by vakh@chromium.org
, Sep 21 2017Labels: SafeBrowsing-Triaged
Owner: vakh@chromium.org
Status: Started (was: Unconfirmed)