New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 875435 link

Starred by 2 users
Status: Closed
Owner:
jialiul@chromium.org
Last visit > 30 days ago
Closed: Aug 17
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

VS Code 1.26.1 (stable) get's marked as "may be dangerous" blocking downloads and installations

Reported by kenn...@auchenberg.dk, Aug 17 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

Steps to reproduce the problem:
Hi,

This is Kenneth from the VS Code team at Microsoft. We have an influx of user reports of user having problems downloading VS Code 1.26.1, our latests stable release from http://code.visualstudio.com/, as Chrome has started marking our binary as "not commonly downloaded, and may be dangerous".

This is affecting our install numbers, and is blocking for our users.

The webmaster console for code.visualstudio.com does't contain any security related warnings (see screenshot). 

Our download endpoints are:
- https://code.visualstudio.com (main website)
- https://vscode-update.azurewebsites.net (download service)
- https://az764295.vo.msecnd.net/ (CDN endpoint for binaries)

Please advice on how we can get our VS Code binaries marked as safe, so our users can download our product from Chrome.

/k

What is the expected behavior?

What went wrong?
Our installations are blocked.

Did this work before? N/A 

Chrome version: 68.0.3440.106  Channel: stable
OS Version: OS X 10.13.5
Flash Version:
chrome_warning.png
118 KB View Download
user_report.png
749 KB View Download
console1.png
396 KB View Download

Comment 1 by carlosil@chromium.org, Aug 17

Components: UI>Browser>Downloads UI>Browser>SafeBrowsing
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: jialiul@chromium.org
Status: Assigned (was: Unconfirmed)
jialiul: Looks like this might be an issue with a false positive in Download Protection, can you take a look? Thanks.

Also since this is failing closed I'm removing the Security Bug restrictions.

Comment 2 by jialiul@chromium.org, Aug 17 

Sure, Carlos. Glad to help. 

kenneth@auchenberg.dk, Thanks for reporting!
Chrome uses Safe Browsing’s verdicts on the safety of downloads. To learn how to not get flagged with a warning in Chrome, please see https://support.google.com/webmasters/answer/3258249.  That also has a link to show the Security Issues Report for your domain within webmaster tools, and additional support suggestions.

I'll also start an internal escalation for this issue.

Comment 3 by jialiul@chromium.org, Aug 17

Status: Closed (was: Assigned)
Update: I've filed the escalation bug to safe browsing team. 

I'll close this issue for now.

Comment 4 by kenn...@auchenberg.dk, Aug 17 

Thanks for the prompt action here! Any way we can track the bug opened for the Safe Browsing Team? We'd like to understand how we got flagged and how this can be mitigated going forward.

Comment 5 by jialiul@chromium.org, Aug 17 

I'll let you know when it is resolved.

Comment 6 by kenn...@auchenberg.dk, Aug 17 

Thanks!

Comment 7 by jialiul@chromium.org, Aug 17 

Hi Kenneth,
Your issue should be resolved by now. 

Here's the response from safe browsing team.

--------------------------------
Hello kenneth,

If Google Safe Browsing hasn't seen a particular binary before, or if it's very new, Chrome will warn that it may be dangerous. In these cases the warnings are lifted automatically if the content was verified to be benign after scanning.

If you are having issues, please refer to the Search Console for further information or to Request a Review

Thanks,
Google Safe Browsing

Comment 8 by kenn...@auchenberg.dk, Aug 17 

Thanks for the update. I can hereby verify that we aren't getting blocked anymore. Thanks for the prompt responses and have a wonderful weekend!

Sign in to add a comment