📝 Description

Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski

Total Bug Bounty Reward: $5.000

This is a Proof of Concept for:

The main security issue here is that the operating system "Save as" dialog launched by Google Chrome shows the user the wrong file extension for the downloaded file. It shows "Save as type: JPEG (.jpg)" but downloads virus.jpg.lnk, which can download and run virus.exe via PowerShell.

So it is a kind of extension spoofing of the downloaded file.

The bug works in Google Chrome 86 and 87 on Windows, Mac, and Linux. Of course, LNK works only on Windows, but we can change it to a different extension on Linux or Mac.
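As an added example (not part of the original PoC), here is the check a web app or a picker implementation can apply to the name it hands to a "Save as" dialog, so the extension the dialog advertises matches the extension the file will really get. It assumes the `types` / `accept` shape of the File System Access API's `showSaveFilePicker()` options; the list of risky trailing extensions is constructed and not exhaustive.

```javascript
// Validate a suggested file name against the extensions a save dialog advertises.
// `types` mirrors showSaveFilePicker() options (assumed shape):
//   [{ description: 'JPEG', accept: { 'image/jpeg': ['.jpg', '.jpeg'] } }]

// Trailing extensions Windows will execute or resolve even behind a harmless-looking
// middle part such as ".jpg" (constructed list for this check, not exhaustive).
const RISKY_TRAILING = new Set([
  '.lnk', '.exe', '.bat', '.cmd', '.ps1', '.scr', '.vbs', '.js', '.hta',
]);

function declaredExtensions(types) {
  // Flatten every accept map into one lower-cased set of extensions.
  const exts = new Set();
  for (const t of types || []) {
    for (const list of Object.values(t.accept || {})) {
      for (const ext of list) exts.add(ext.toLowerCase());
    }
  }
  return exts;
}

function checkSuggestedName(suggestedName, types) {
  const declared = declaredExtensions(types);
  const base = suggestedName.split(/[\\/]/).pop();        // drop any path component
  const parts = base.split('.');
  // 'virus.jpg.lnk' -> ['virus', 'jpg', 'lnk']: the real extension is the last part,
  // the "visible" one the user is led to trust is the part before it.
  const actual = parts.length > 1 ? '.' + parts[parts.length - 1].toLowerCase() : '';
  const inner = parts.length > 2 ? '.' + parts[parts.length - 2].toLowerCase() : '';
  const matchesDeclared = declared.size === 0 || declared.has(actual);
  // The pattern on this page: dialog says ".jpg", name carries ".jpg" in the middle,
  // but the trailing extension is one the OS will execute.
  const disguised = !matchesDeclared && declared.has(inner) && RISKY_TRAILING.has(actual);
  return { base, actual, declared: [...declared], matchesDeclared, disguised };
}

function safeSuggestedName(suggestedName, types) {
  // Conservative fix: make the trailing extension one the dialog actually advertises.
  const r = checkSuggestedName(suggestedName, types);
  if (r.matchesDeclared) return r.base;
  const stem = r.actual ? r.base.slice(0, -r.actual.length) : r.base;
  const stemExt = stem.includes('.') ? '.' + stem.split('.').pop().toLowerCase() : '';
  return r.declared.includes(stemExt) ? stem : stem + r.declared[0];
}
```

`checkSuggestedName('virus.jpg.lnk', types)` reports `disguised: true` and `safeSuggestedName` returns `virus.jpg`, which is the name the dialog claimed to be saving.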

Google Blog posts:

Mentioned bugs are "Reported by Maciej Pulikowski"

📺 Youtube Proof of Concept

https://www.youtube.com/watch?v=l9swTtaRDNs

PoC Video

Thanks for the thumbs up 😀👍

👨‍💻 Code PoC

Requirements: none; you just need to open the HTML file in an older version of Google Chrome (86 or 87). If you want to test it with a .lnk file, you have to create the FUD "lnkextra.lnk" file yourself, because it is not included.

💻 Useful links

🤝 Show your support

Give a ⭐️ if you liked the content

✔️ Disclaimer

This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.