| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Sep 2008 13:53:51 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: "nerex@...e.com" <nerex@...e.com>, Razi Shaban <razishaban@...il.com> Cc: bugtraq@...urityfocus.com Subject: Re: Google Chrome Automatic File Download This issue was assigned to BID31000: http://www.securityfocus.com/bid/31000 Juha-Matti Razi Shaban [razishaban@...il.com] wrote: > On 2 Sep 2008 22:58:27 -0000, nerex@...e.com <nerex@...e.com> wrote: > > Google's Chrome (BETA) allows files (e.g. executable files) to be automatically downloaded to the user's computer without any user prompt. > > > > To check the flaw, open a URL that points to an executable file. > > > > nerex > > > > There's a huge difference between downloading and running. If a file > that is unwanted is auto-downloaded, just delete it. No harm done. > > > -- > Razi >
Powered by blists - more mailing lists