Status Update
Comments
ps...@google.com <ps...@google.com> #2
aw...@chromium.org <aw...@chromium.org> #3
The Chrome PDF Viewer has an
ry...@google.com <ry...@google.com>
da...@google.com <da...@google.com> #4
This seems like a functional bug (saving an unedited PDF should not drop the signature), but not a security bug.
Furthermore, Chrome Root Store is not the proper type of trust store to validate PDF signatures, as it is limited to the TLS use case.
th...@chromium.org <th...@chromium.org> #5
Since the PDF is generated by Print Preview, moving this out of the Ink Signatures component, which has nothing to do with cert-based digital signatures.
th...@chromium.org <th...@chromium.org> #6
See also:
ch...@google.com <ch...@google.com> #7
Setting milestone because of s2 severity.
ch...@google.com <ch...@google.com> #8
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.
If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security Impact hotlist or the Severity field, and remove the ReleaseBlock hotlist.
be...@google.com <be...@google.com> #9
da...@google.com <da...@google.com> #10
FYI: Removed release blocker because this is not a security bug, and ReleaseBlock was added because this temporarily was assigned Vulnerability + S2.
Description
Report description
Removal of Digital Signature from PDF using Chrome’s PDF Viewer
Bug location
Where do you want to report your vulnerability?
Chrome VRP – Report security issues affecting the Chrome browser. See program rules
Which URL (or repository) have you found the vulnerability in?
The problem
Please describe the technical details of the vulnerability
To begin with, Chrome's PDF viewer does not render or check for the presence of any digital signature, which could be an expected behavior. But I discovered a vulnerability in Chrome’s built-in PDF viewer that allows an attacker to remove a digital signature from a signed PDF without detection. The document remains fully readable, and no warnings appear indicating that the signature has been removed or that the file has been modified.
This could allow attackers to forge contracts, invoices, or legal agreements by removing signatures from documents that users expect to be authenticated.
Steps to Reproduce
Observations:
Please briefly explain who can exploit the vulnerability, and what they gain when doing so
Digital signatures are intended to ensure the authenticity and integrity of a PDF document. If an attacker can remove a signature without detection, they can present a forged version of the document that appears valid. This could be exploited in scenarios involving legal contracts, financial documents, invoices, and government paperwork.
Whenever someone who is less literate in terms of verifying the authenticity of digitally signed documents is presented with such a modified document, they can read the text presented with the digital signature and believe the document to be authentic. However, that is not the case, and the document could very well be fabricated as per the attacker's choice.
The cause
What version of Chrome have you found the security issue in?
134.0.6998.89
Is the security issue related to a crash?
No, it is not related to a crash.
Choose the type of vulnerability
Crypto Weakness
How would you like to be publicly acknowledged for your report?
Jagdish Bharucha
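A recipient-side check for the situation this report describes, as an added example that is not part of the report or of Chromium's code: it compares a signed original with a re-saved copy and reports whether the signature dictionary's `/ByteRange` is gone or no longer reaches the end of the file (the second case goes beyond what the report covers). It tests presence and coverage only, does not validate the signature cryptographically, assumes the signature dictionary is stored uncompressed, and runs on constructed sample bytes; all function names are hypothetical.

```python
import re

# A signature dictionary declares the signed bytes as /ByteRange [a b c d]:
# bytes a..a+b and c..c+d, i.e. everything except the /Contents value.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signature_spans(pdf: bytes) -> list:
    """List every /ByteRange found and whether it reaches the end of the file."""
    spans = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups())
        spans.append({
            "byte_range": (a, b, c, d),
            "well_formed": a == 0 and b <= c and c + d <= len(pdf),
            "covers_whole_file": a == 0 and b <= c and c + d == len(pdf),
        })
    return spans


def compare_copies(original: bytes, resaved: bytes) -> str:
    """Classify what happened to the signature between two copies of a document."""
    before, after = signature_spans(original), signature_spans(resaved)
    if not before:
        return "original-unsigned"
    if not after:
        return "signature-dropped"
    if not any(s["covers_whole_file"] for s in after):
        return "bytes-outside-signed-range"
    return "signature-present"


def constructed_signed_pdf() -> bytes:
    """Constructed sample: PDF-like bytes with a placeholder /Contents, not a real signature."""
    template = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "
    contents = b"<" + b"00" * 16 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    head_len = len(template % (0, 0, 0))  # zero-padded widths keep the length fixed
    head = template % (head_len, head_len + len(contents), len(tail))
    return head + contents + tail


# Constructed sample of a re-saved copy that carries no signature dictionary.
CONSTRUCTED_UNSIGNED_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    signed = constructed_signed_pdf()
    print(compare_copies(signed, CONSTRUCTED_UNSIGNED_PDF))
```

A "signature-present" result says only that a signature dictionary spanning the file exists; whether it is valid and trusted still has to be checked in a viewer or tool that validates PDF signatures.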