Security: JS Execution within PDFs
Reported by
christop...@gmail.com,
Oct 20 2017
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS
I was able to execute JavaScript code within the PDF Viewer during a Penetration Test on a Cloud Platform. I created a malicious PDF and the JavaScript gets executed without asking for confirmation or a security warning. This vulnerability can be exploited to present a phishing page to a user to steal credentials from the user.

VERSION
Chrome Version: Version 62.0.3202.62 (Official Build) (64-bit) + [stable]
Operating System: Linux version 4.10.0-37-generic (buildd@lgw01-amd64-037) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #41~16.04.1-Ubuntu SMP Fri Oct 6 22:42:59 UTC 2017

REPRODUCTION CASE
Opening the PDF locally or through a web application executes the JavaScript within the PDF. This is not allowed in Firefox.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]
,
Oct 20 2017
,
Jan 27 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Oct 20 2017