UPDATE: After eight hours, the issue is now fixed. Original article below.
Safe Browsing errors shown in Google Chrome and Firefox are blocking users from downloading binary files from GitHub.
The issue appeared today and was first spotted around 06:00 UTC. Only binary files (EXE, MSI, etc.) appear to be blocked. Users downloading ZIP or TAR files from GitHub do not see the error.
Only a small number of GitHub users are affected. This is because GitHub is a source code hosting service and most served downloads are in the form of ZIP and TAR files.
Nonetheless, there are projects that host their binary installers on the site, and use it as their main distribution channel. It was through these projects that the issue came to light after users complained they couldn't download EXE files for apps such as the Atom Editor or KeePassXC.
Users attempting to download these files get the standard "Deceptive Site Ahead" warning. This warning is generated by Google's Safe Browsing service, integrated with Chrome, Firefox, and a few other browsers.
Below is the message shown to users attempting to download binary files from GitHub.
This web page at github-production-release-asset-2e65be.s3.amazonaws.com has been reported as a deceptive site and has been blocked based on your security preferences.
Deceptive sites are designed to trick you into doing something dangerous, like installing software, or revealing your personal information, like passwords, phone numbers or credit cards.
Entering any information on this web page may result in identity theft or other fraud.
Bleeping Computer confirmed that the error was still active at the time of writing, in both Chrome and Firefox. Users who spotted the error also shared their findings on Reddit, Stack Exchange, and Twitter.
Haha CC @github @awscloud @firefox occured at https://t.co/Y9dO4GETRX pic.twitter.com/CgLaZzJyJH
— Lars (@ExSionPC) July 25, 2017
#DeceptiveSiteAhead red page when downloading releases from @github . multiple repos .. @awscloud @firefox ... someone did a boo boo ??
— Prateek Nayak (@prateek_1708) July 25, 2017
Hmm. Firefox is telling me that #keepassxc is a deceptive site on @github pic.twitter.com/WnBxHkiZb9
— Tim Wilkes (@TimmehWimmy) July 25, 2017
What. pic.twitter.com/Vx5X6MZhFU
— Deiru Wisaeu (@DeiruSan) July 25, 2017
weird. got that warning when I was downloading something on github via firefox.
— Mikko Luis Saavedra (@weetabix_su) July 25, 2017
Firefox refuses to download release archives from Github at random, marks the webpage as "malicious". https://t.co/8rFdOLANKP
— Yutaka Matsubara (@mopemope) July 25, 2017
@github Your S3 release server is marked as phishing by @googlechrome and @firefox, what's up?
— Kristopher Ives (@kristopherives) July 25, 2017
Firefox presenting a Deceptive Site warning when trying to download a popular github resource. Should I ignore it? https://t.co/q0GUQiejBW…
— Cx2H (@CyberHitchhiker) July 25, 2017
Oups, je tombe là-dessus (Chrome + FF) en tentant de récupérer la dernière version de keepassxc sur https://t.co/NwMEKXTj4e !
— Bruno Tréguier (@btreguier) July 25, 2017
Problème ? o_O pic.twitter.com/VqcWM95McQ
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now