• Chrome PDF viewer "save as" vulnerability

    Found a small vulnerability related to Chrome PDF viewer today, I sent a report to google and it should be fix soon with low priority.


    Here's the details :


    VULNERABILITY DETAILS

    By crafting a malicious html page with the only purpose of displaying a pdf file, a user who would like to save the pdf file in question with Chrome PDF viewer, would get a completely different pdf file.


    VERSION
    Chrome Version: [19.0.1084.52\21.0.1163.0 dev-m] [stable+dev] did not test beta version
    Operating System: [Windows, XP/7, SP3/SP1]



    REPRODUCTION CASE

    Setup:

    2 pdf files (good.pdf & infected.pdf)
    Google Chrome Version: [19.0.1084.52\21.0.1163.0 dev-m]

    Load the malicious html page, you are now viewing good.pdf, click "save as" and the saved file will be infected.pdf, open the pdf file and notice that it is not the original file from the html page.

    Test case : http://kittybomber.com/pdf.html

    I tested this vulnerability on IE8 / IE9 / Safari / Opera / Firefox and they either load infected.pdf or they are saving the good file.
    This article was originally published in forum thread: Chrome PDF viewer "save as" vulnerability started by Globz View original post
  • G4H Facebook

  • G4H Twitter