[TazeTSchnitzel]

That is Safari's default behaviour for ZIP files. Only to extract them, though.

[sammax]

So whenever the program used for extracting ZIPs has a vulnerability any website could force-download a malicious ZIP and it would automatically be extracted and trigger the vulnerability...

Why is "force-download" even a thing? IMO the browser should always ask before downloading any file. Though this is not a unique Mac thing, I believe Chrome does that everywhere.

[dividuum]

What happens with 42.zip and other zip bombs? https://www.bamsoftware.com/hacks/zipbomb/

[kergonath]

Still a terrible idea, though.