0

The title says it all, I was wondering if some malicious code could be placed in the image file (the formats I am concerned with are JPEG, PNG and WEBP, basically the common formats available when you download from google), for example as metadata, so that it would be executed when opened (or simply downloaded but that seems less likely), and if such malicious images can be obtained from Google Images after rightclicking on it after a search and selecting "save image as".

schroeder
  • 123,438
  • 55
  • 284
  • 319
DaddyMike
  • 45
  • 2
  • 5
  • Is it possible? Sure. Will it have a specific effect on *your devices*? It depends on the vulnerabilities in the software you use to view the files. – schroeder May 11 '20 at 10:18
  • Any file type can have malware. It's up to the program that runs/opens it if it will have an effect. – schroeder May 11 '20 at 10:19
  • Google Images is just a search engine. Google doesn't host the files. So the fact that they are on Google Images is meaningless. They are hosted by the site that hosts them. – schroeder May 11 '20 at 10:21
  • The suggested duplicate is wrong. Your question is different. I was about to write an answer, but since this question is now closed, I'll just leave a short comment. Answer: very unlikely, if not impossible. Reason: the images you see on Google searches come from Google, and they have been re-encoded to make them smaller. It is very unlikely, if not impossible, that embedded malicious code can survive such process. Also try this with the "Artist's shit" image from Wikipedia: `strings -a original.jpg` will print metadata, dates, etc. The re-encoded image from Google won't. – reed May 11 '20 at 10:25
  • Note that if you click on the images (left-click), Google might fetch the original one in the preview. If you right-click on them though, apparently you are only going to get Google's re-encoded (small) images. – reed May 11 '20 at 10:27
  • @reed I was able to right-cliok, "save as..." an image in Google Images and the metadata was intact. The images are *not* from Google. There may be thumbnails that are re-encoded to save space, but not all images follow this pattern. – schroeder May 11 '20 at 10:58
  • @schroeder, that's weird. I even tried some searches and checked the network tab in the browser's dev tools, I saw no requests to servers other than Google's. The image from the original server is only loaded if you left-click on it first, then Google will show you a preview loading the original image. The only thing I can't be 100% sure now is if Google re-encodes *every* image, or if the smallest images are just copied without re-encoding. – reed May 11 '20 at 12:15
  • @reed I can't comment on completeness of effect or design intent, merely that it is possible for metadata to survive as I just tried it and found that it was possible. I have no idea what that "means" – schroeder May 11 '20 at 16:30

0 Answers0