Open Bug 1475702 Opened 3 years ago Updated 2 years ago
[meta] Download protection should look inside archive files
A few things to note about Chrome's implementation: - all decompressors are run in a separate "utility" process that is heavily sandboxed (and their parser code has been fuzzed too) - they also decompress the various aliases for .zip and .dmg (e.g. .iso, .dmgpart, etc.) -- list of aliases is in the Chromium source code - they don't recursively decompress files, but they consider a zip-within-a-zip suspicious and do a remote lookup for those
You need to log in before you can comment on or make changes to this bug.