Security: "Bring me water" password reveal
Reported by stefanin...@gmail.com, Mar 13 2016
Issue description

VULNERABILITY DETAILS
I have found a way to expose a user's password in Chrome on Windows and Mac operating systems. It is very simple. First you need to say to your friend "bring me water", then when he/she leaves you just log out of his/her account, and if they have "Remember my password" ticked in Chrome, the user name and password will be brought up. You can now see the username, and the password as dots or *. Then you open Inspect Element and under code "password" you change "password" to anything. And voilà ---- you are able to see the password. This can be done on any login page where they have marked save password. This is a serious problem regarding security. Great to be part of the team :)

VERSION
Chrome Version: [<49.0.2623.87 m] + [stable]
Operating System: [Windows XP,7,8,8.1,10, Mac <OS X]

REPRODUCTION CASE
<input type="password" class="inputtext" name="pass" id="pass" tabindex="2"> ***Password not visible***
<input type="asd(type anything)" class="inputtext" name="pass" id="pass" tabindex="2"> >>> ***Password visible*** !!!

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [no crash]

Mar 14 2016
I think you are unaware of this situation!!! I can go to my friend and tell him to bring me water or go to my car and see something, in the meantime I can see his/her password for every single site he has logged in to!!! Everybody can access passwords like this! Gmail, Facebook, Twitter, ... EVERYTHING! Also, have you seen the picture? I think you are doing this routinely!

Jun 21 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 2 2016

Comment 1 by infe...@chromium.org, Mar 14 2016