Security: Potential security issue with credit card pre-fill in Chrome
Reported by
adrian.h...@gmail.com,
Mar 17 2016
Issue description

VULNERABILITY DETAILS
I just thought I should notify someone of what I see as potentially being a bit of an issue with stored credit card details in Chrome. If someone gets access to your computer and attempts to buy something with a credit card online, they can find out your credit card number by a process of elimination.

How? Because the option to use the stored credit card details will appear as long as you are typing a credit card number stored in the browser.

For example: a credit card number stored in Chrome is 1234 5678 9012 3456. User types 1234 and the prefill option appears above the field with the partial credit card number shown. The user can start guessing the next digit. If they enter 1234 1, the prefill will disappear, so they know that "1" is not the correct next digit. Once they type 1234 5, the prefill appears again, so they know they are on track. This will work all the way to the end, and is quite easy since the prefill will show the last four digits anyway.

I haven't fully tested this from first digit to last, but I've tested from about the 5th digit all the way to the end using the above method.

This only gives you the credit card number, and doesn't allow you to guess the expiry and CVV, but it still struck me as a potential issue I should let someone know about.

VERSION
Chrome Version: 48.0.2564.116 (64-bit)
Operating System: OSX 10.10.4

REPRODUCTION CASE
- See above, needs to be on an applicable page using online payments by credit card, and a credit card needs to already be saved in the browser for the user who is currently logged in to Chrome.
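The show/hide behaviour described in the report, modelled as an added example (not part of the original report and not Chrome's code): a prefix-filtered suggestion function beside an assumed alternative that never filters on typed digits, plus an audit check that counts the digit positions at which suggestion visibility reveals whether the typed digit was correct. All function names and the alternative behaviour are hypothetical; the stored number is the placeholder from the report.

```javascript
// Constructed sample: the placeholder number used in the report.
const STORED_CARDS = ["1234567890123456"];

const digitsOnly = (s) => s.replace(/\D/g, "");
// The report notes that the suggestion shows the last four digits.
const mask = (card) => "**** " + card.slice(-4);

// Behaviour described in the report: the suggestion stays visible only
// while the typed digits are a prefix of a stored number.
function prefixFilteredSuggestions(typed, cards = STORED_CARDS) {
  const t = digitsOnly(typed);
  return cards.filter((c) => c.startsWith(t)).map(mask);
}

// Assumed alternative (hypothetical): offer masked cards only while the
// field is empty, so visibility never depends on which digits were typed.
function emptyFieldOnlySuggestions(typed, cards = STORED_CARDS) {
  return digitsOnly(typed).length === 0 ? cards.map(mask) : [];
}

// Audit check for someone who knows the stored number: at how many digit
// positions does visibility differ between the correct next digit and a
// wrong one? Any non-zero result means the UI acts as a per-digit oracle.
function distinguishablePositions(suggest, card) {
  let count = 0;
  for (let i = 0; i < card.length; i++) {
    const correct = card.slice(0, i + 1);
    const wrongDigit = (Number(card[i]) + 1) % 10;
    const wrong = card.slice(0, i) + wrongDigit;
    const shownForCorrect = suggest(correct).length > 0;
    const shownForWrong = suggest(wrong).length > 0;
    if (shownForCorrect !== shownForWrong) count++;
  }
  return count;
}

console.log(distinguishablePositions(prefixFilteredSuggestions, STORED_CARDS[0])); // 16
console.log(distinguishablePositions(emptyFieldOnlySuggestions, STORED_CARDS[0])); // 0
```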
,
Jun 24 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
,
Jul 29 2017
Issue 750425 has been merged into this issue.
,
Sep 18 2017
Issue 766075 has been merged into this issue.
,
Jan 24 2018
Issue 805320 has been merged into this issue.
Comment 1 by mea...@chromium.org
, Mar 18 2016