Chrome's Download Tab: Dangerous Files, (Sun, Apr 9th)

Google Chrome icon (February 2022)
Google Chrome logo and computer icon, with Material Design motif used from February 2022

When Johannes mentioned on the Stormcast that 3CX’s trojanized installer was blocked by Google Chrome, I remembed a feature I don’t often use.

Here you see the blocked 3CX installer download blocked in Chrome:

Your only option is to click Discard (the up-arrow symbol offers no extra options).

But if you have this Discard option, then you can unblock the download in the Download Tab (menu entry Downloads):

And there you have the option to keep the file:

You have to confirm:

And then you can get the file from your Downloads folder (or whatever folder you selected).

This doesn’t work for malware detected by an anti-virus (then you have no Discard option), like the EICAR file:

I rarely use this trick, because I usually download malicious or suspicious files from the command-line.

But sometimes when I have to use a browser (in a sandbox), I will use this feature.

Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

Alex Post