Bug 78454

Summary: Chrome doesn't allow download of LibO .msi package claiming it's malicious
Product: LibreOffice Reporter: Anthony Gouldwell <ajgenator>
Component: WWWAssignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED NOTOURBUG    
Severity: critical CC: barta, bfo.bugmail, jerry.berglund, jmadero.dev, pierre.sundberg, robinson.libreoffice, serval2412, website
Priority: high Keywords: possibleRegression
Version: 4.1.6.2 release   
Hardware: Other   
OS: Windows (All)   
Whiteboard: BSA
Crash report or crash signature: Regression By:

Description Anthony Gouldwell 2014-05-08 18:55:45 UTC 
Problem description: 
Chrome blocks installation claiming .msi file is malicious.
Steps to reproduce:
1. Open LibreOffice 
2. Click download icon in top right of splash page (hovering indicates: "LibreOffice Update available, Click the icon for more information,."
3. Window opened: "LibreOffice 4.2.4 is available. The installed version is LibreOffice 4.1.4.2." Click Download button.
4. Web page opened: http://www.libreoffice.org/download/libreoffice-fresh/?type=win-x86&lang=en-US&version=4.2.4
5. Click green button: "Download version 4.2.4"
6. Donation invitation page opened: http://donate.libreoffice.org/home/dl/win-x86/4.2.4/en-US/LibreOffice_4.2.4_Win_x86.msi
7. In bottom left corner, info box appears: "LibreOffice_4.2.4_Wi....msi  <XX changes progressively> MB, <XX likewise> mins left.
8. In bottom left corner, message appears: "LibreOfficew_4.2.4_Wi....msi is malicious and Chrome has blocked it."
9. Checking Chrome's customise icon > Downloads provides list of downloads topped by: "LibreOffice_4.2.4_Win_x86.msi is malicious and Chrome has blocked it."

QUESTION: is the Chrome warning indicating a genuine problem with the installation of 4.2.4, or do I need to find out how to adjust Chrome's security settings?

Current behavior:

Expected behavior:

              
Operating System: Windows 7
Version: 4.2.4.1 rc
Last worked in: 4.1.4.2 release
Comment 1 tommy27 2014-05-08 20:11:51 UTC 
try 4.2.4.2 final released today
Comment 2 Julien Nabet 2014-05-11 12:49:48 UTC 
*** Bug 78553 has been marked as a duplicate of this bug. ***
Comment 3 Julien Nabet 2014-05-11 12:50:15 UTC 
Put it at New since there's a dup
Comment 4 tommy27 2014-05-11 14:21:42 UTC 
so it seems Chrome doesn't block *installation* but rather *download* of the LibO install package.

the duplicate is moreover about 4.1.6.2 release so it seems it's a more general issue towards any LibO install package.

question now is: which side is the bug? problem inside LibO package or Google Chrome false positive?
Comment 5 retired 2014-05-11 14:42:30 UTC 
setting to critical, since if people can't download LO via the most popular browser, is is very critical indeed.
Comment 6 Pierre Sundberg 2014-05-11 21:05:52 UTC 
I can verify that Chrome (Version 34.0.1847.131 m) on Windows 7, marks all three available released versions currently availably from https://www.libreoffice.org/download/libreoffice-stable/#change as malicios, and is blocking them.

Released versions:
- 4.1.6
- 4.2.3
- 2.2.4
Comment 7 bfoman (inactive) 2014-06-20 17:54:58 UTC 
NOTOURBUG candidate, but if every future download will be marked as malicious then TDF has problem with Google.
CCing QA people to take action if possible or escalate to ESC as this is not the first report about it.
Comment 8 Robinson Tryon (qubit) 2014-06-20 18:14:46 UTC 
(In reply to comment #7)
> NOTOURBUG candidate, but if every future download will be marked as
> malicious then TDF has problem with Google.
> CCing QA people to take action if possible or escalate to ESC as this is not
> the first report about it.

We file whitelist requests with Symantec for our binaries, but for other such systems there's not always a way to request a whitelisting. If you're unsure about the validity of a TDF binary, please do check the signature to verify it's genuine, as we do sign all of our installers.

Thanks!

Resolving -> NOTOURBUG
Comment 9 Robinson Tryon (qubit) 2015-12-15 10:54:55 UTC 
Migrating Whiteboard tags to Keywords: (possibleRegression)
[NinjaEdit]