Issue metadata
Sign in to add a comment
|
Security: Same directory name used for ChromeOS guest mode after reboot
Reported by
resea...@nightwatchcybersecurity.com,
Mar 17 2016
|
||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS User's home directory remains the same after reboot in guest mode. While it maybe be backed by tmpfs, it would be nice to randomize. VERSION Chrome Version: 49.0.2623.95 (Official Build) (64-bit) Operating System: ChromeOS 7834.60.0 (= Official Build) stable-channel parrot REPRODUCTION CASE Login to Chrome OS in guest mode. Go to "chrome://version". Observe the profile path being "/home/chronos/u-XXXXX". Reboot the Chromebook, and try again. The profile path remains the same.
,
Mar 21 2016
,
Mar 23 2016
seems nice a nice to have, but I think this is at most Low, if not Lower than Low.
,
May 4 2016
,
Mar 9 2017
,
Jan 30 2018
mnissler@/jorgelo@, what do you think? Is this a security bug? I don't see any evidence this is exploitable.
,
Jan 31 2018
I don't know how you'd exploit this to do anything useful.
,
Apr 4 2018
Should we just close this?
,
May 29 2018
,
Sep 5
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mea...@chromium.org
, Mar 18 2016Owner: mdempsky@chromium.org
Status: Assigned (was: Unconfirmed)