Issue metadata
Sign in to add a comment
|
Security: Automatic code execution via downloads.open on macOS
Reported by
chromium...@gmail.com,
Mar 31 2018
|
||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 67.0.3385.0 (Official Build) canary (64-bit) Operating System: Mac REPRODUCTION CASE 1. Install the extension. 2. The program (poc.dmg) should be opened without any warnings, and it's definitely bad behavior.
,
Apr 1 2018
This description and POC are nearly identical to Issue 793620 , a FIXED issue which was made public three hours before this report was filed. Please be sure to cite your sources when filing new reports.
,
Apr 2 2018
I have some troubles reproducing this. The file link used in background.js doesn't seem to work. I've replaced the link with: https://download.sublimetext.com/Sublime%20Text%20Build%203143.dmg Now I can get the file downloaded once I click on the extension icon, but the execution doesn't happen. I used Version 65.0.3325.181 (Official Build) (64-bit) though, let me check with the canary build you mentioned.
,
Apr 2 2018
I also can't reproduce it with Version 67.0.3386.0 (Official Build) canary (64-bit). WontFix.
,
Apr 2 2018
The POC sorta works for me in Chrome 66, except that the opened file is the one generated by the Data URI and thus it's harmless/rejected by the system. In Chrome 67.0.3386.0, the repro fails with the console showing an error each time setTimeout fires: Unchecked runtime.lastError while running downloads.open: User gesture required
,
Apr 2 2018
I am still able to repro with the latest version of Canary.
,
Apr 2 2018
Can you attach a screen recording using Quicktime?
,
Jul 10
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Mar 31 2018Labels: OS-Mac