Force file download without user interaction
Reported by
stuartne...@gmail.com,
Jul 26
|
|||
Issue descriptionThis template is ONLY for reporting Download Protection Bypass bugs within Chrome and is not for requesting a review of sites or binaries identified as malicious. VERSION Chrome Version: 68.0.3440.75 + stable Operating System: Windows 10 Home Version 1803 build 17134.165 REPRODUCTION CASE Please include a demonstration of the Download Protection / Safe Browsing bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug. When the attached html file is loaded by chrome, a file is downloaded. In the example test provided, the javascript function "download" downloads the file peview.exe and saves it to the Downloads folder as download.exe. This javascript allows websites to force users to download files without any interaction with the webpage.
,
Jul 27
Thanks for reporting the issue. If the user has not disabled automatic downloads and Safe Browsing doesn't consider the file unsafe, then the file is allowed to auto-download. Please feel free to re-open the bug if you can get a file that should have been blocked by Safe Browsing to auto-download.
,
Nov 3
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by vakh@chromium.org
, Jul 27Owner: vakh@chromium.org
Status: Assigned (was: Unconfirmed)