Add security FAQ entry about file type bugs
We're much less interested in these bugs than we used to be. It's nice
to have some documentation to point to as to why.
Change-Id: I2ef2d3c7ba6a7092489ddb86834581e3e6443ce7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4923529
Reviewed-by: Adrian Taylor <[email protected]>
Commit-Queue: Daniel Rubery <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1207331}
diff --git a/docs/security/faq.md b/docs/security/faq.md
index bab143c65..d1a8f2f 100644
--- a/docs/security/faq.md
+++ b/docs/security/faq.md
@@ -227,6 +227,21 @@
it. You can see if a Safe Browsing check happened by opening
chrome://safe-browsing before starting the download.
+<a name="TOC-what-about-dangerous-file-types-not-listed-in-the-file-type-policy-"></a>
+### What about dangerous file types not listed in the file type policy?
+
+The [file type
+policy](https://source.chromium.org/chromium/chromium/src/+/main:components/safe_browsing/content/resources/download_file_types.asciipb?q=download_file_types.asciipb%20-f:%2Fgen%2F&ss=chromium)
+controls some details of which security checks to enable for a given file
+extension. Most importantly, it controls whether we contact Safe Browsing about
+a download, and whether we show a warning for all downloads of that file type.
+Starting in M74, the default for unknown file types has been to contact Safe
+Browsing. This prevents large-scale abuse from a previously unknown file type.
+Starting in M105, showing a warning for all downloads of an extension became
+reserved for exceptionally dangerous file types that can compromise a user
+without any user interaction with the file (e.g. DLL hijacking). If you discover
+a new file type that meets that condition, we’d like to hear about it.
+
<a name="TOC-I-can-download-a-file-with-an-unsafe-extension-but-a-different-extension-or-file-type-is-shown-to-the-user-"></a>
### I can download a file with an unsafe extension but a different extension or file type is shown to the user - is this a security bug?
<a name="TOC-Extensions-for-downloaded-files-are-not-shown-in-a-file-dialog-"></a>
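Review bot: the closing sentence "If you discover a new file type that meets that condition, we'd like to hear about it" gives the reader no link or pointer to where such a report should go; add the reporting location so the entry is actionable. A smaller point on the same hunk: the file type policy link carries a code-search query string (`?q=download_file_types.asciipb%20-f:%2Fgen%2F&ss=chromium`) that is tied to the search UI, while the bare `+/main:components/safe_browsing/content/resources/download_file_types.asciipb` path is enough and more stable. Finally, since the entry immediately follows one that mentions seeing a Safe Browsing check in chrome://safe-browsing, it would help to say that "contact Safe Browsing" for unknown file types applies only when Safe Browsing is enabled, so the two entries read consistently.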
@@ -943,4 +958,3 @@
depend upon architectural changes (e.g. breaking API changes); because the
security improvement is a significant new feature; or because the security
improvement is the removal of a broken feature.
-