At specific website after clicking a link, file is downloaded without any warning and after opened without any warning
Reported by
vba...@gmail.com,
Jul 31
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36 Steps to reproduce the problem: 1. Go to the: https://www21.atwiki.jp/botubotubotubotu/pages/28.html 2. Click link named "Ver.1.22" 3. The file is downloaded without any warning and after opened without any warning. What is the expected behavior? My web browser settings are to ask about where store the downloaded file. What went wrong? After clicking a link, the file is downloaded without any warning and after opened without any warning. Did this work before? N/A Chrome version: 68.0.3440.84 Channel: stable OS Version: 8.1 Flash Version: My web browser settings are to ask about where store the downloaded file and it always works so. But on that website, file (archive) is downloaded without asking where to store and after the archive is opened in Windows Explorer without any warning. The problem is in the link not on the page. If you just copy link and past in another window, the file will be downloaded without any warning and after opened without any warning. Also, another link I found that behaves the same way: http://www36.atwiki.jp/mbfire/?cmd=upload&act=open&page=Photo%20stock&file=Fire%20Arrow_patch_1003_to_1004.zip I think the problem is in link address which has "cmd=upload&act=open" in it. Have not tested on other file types, like executables, but even with zip files that bug does not look safe.
,
Aug 1
I have looked at settings and there was option to open certain types of files automatically. I pressed "Clear" and now chrome asks to save as zip files. I realize that If I select "Always open this types of files" in downloaded file dialog that option appears in settings. So this is an issue. Anyway it is quite easy to accidentally set to open file automatically which I think is dangerous and there should be some confirmation dialog or some other way to warn user what he is doing when setting this option.
,
Aug 1
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 1
,
Aug 1
Thanks for the clarifications! Well, that seems to work as intended then. I'm removing this issue from the security queue but leaving open in case any other developers want to comment on that and consider adding a confirmation dialog.
,
Aug 1
,
Aug 6
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by mmoroz@chromium.org
, Aug 1