Chrome PDF viewer "save as" vulnerability
I found a small vulnerability related to the Chrome PDF viewer today. I sent a report to Google and it should be fixed soon, with low priority.
Here are the details:
A malicious HTML page can be crafted with the sole purpose of displaying a PDF file, so that a user who saves the displayed PDF with the Chrome PDF viewer gets a completely different PDF file.
Chrome Version: [19.0.1084.52\21.0.1163.0 dev-m] [stable+dev] (did not test beta version)
Operating System: [Windows, XP/7, SP3/SP1]
2 pdf files (good.pdf & infected.pdf)
Google Chrome Version: [19.0.1084.52\21.0.1163.0 dev-m]
Load the malicious HTML page; you are now viewing good.pdf. Click "save as" and the saved file will be infected.pdf. Open the saved PDF file and notice that it is not the original file from the HTML page.
Test case : http://kittybomber.com/pdf.html
I tested this vulnerability on IE8 / IE9 / Safari / Opera / Firefox, and they either load infected.pdf or save the good file.