Aviv.
Already in 2008 I wrote the article "Automatic File Download vulnerabilities in browsers" and informed Google about this issue in their browser. And they already improved it in 1.x (to fix the attack with exe-files).
But not enough, as the attack with dll was still possible, as you showed (and in 2010 other researchers also drew attention to it). So if Google had fixed this functionality better, there would have been no possibility to attack with dll.
MustLiveUA 1 week ago
Must have been patched because it asks me to save the dll.
vahnfish 1 year ago
I'd like to see this happen on a slow (probably Pentium 3) PC.
The download confirmation at the bottom of the window would probably take forever to appear and the file probably wouldn't be downloaded because the user clicked before the confirmation message appeared, where on a fast computer it would appear immediately before the user clicks the button on the webpage.
Finally, a reason to use old computers! :D
adamdmasi 1 year ago
cool :) best bug in Google Chrome :) ----> ( but it's not open directly ) :D
boly2000 1 year ago