Chrome's Download Tab: Dangerous Files

Published: 2023-04-09
Last Updated: 2023-04-09 08:57:22 UTC
by Didier Stevens (Version: 1)
0 comment(s)

When Johannes mentioned on the Stormcast that 3CX's trojanized installer was blocked by Google Chrome, I remembed a feature I don't often use.

Here you see the blocked 3CX installer download blocked in Chrome:

Your only option is to click Discard (the up-arrow symbol offers no extra options).

But if you have this Discard option, then you can unblock the download in the Download Tab (menu entry Downloads):

And there you have the option to keep the file:

You have to confirm:

And then you can get the file from your Downloads folder (or whatever folder you selected).

This doesn't work for malware detected by an anti-virus (then you have no Discard option), like the EICAR file:

I rarely use this trick, because I usually download malicious or suspicious files from the command-line.

But sometimes when I have to use a browser (in a sandbox), I will use this feature.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: chrome dangerous
0 comment(s)

Comments


Diary Archives