VULNERABILITY DETAILS
User A uses Chrome as primary browser but never signs in to the browser itself, only Google web sites. User B opens Chrome and signs in to their Google account. Once done, User B signs out of Chrome and removes their profile. User B now has all of User A's private information (logins, autofill data, bookmarks) saved to their Google account.

I have duplicated this issue twice now on friends' computers -- one running Windows and a MacBook. I can now login as them from my phone or tablet then switch immediately to Gmail and delete the "new sign from device" email. This is a severe security oversight. All Chrome data generated when no one is logged in should be kept separate from users who log in to Chrome.

VERSION
Chrome Version: Version 49.0.2623.108 m (stable)
Operating System: Windows 10 Pro Version 1511 OS Build 10586.104 + brand new MacBook Pro (version unknown)

REPRODUCTION CASE
Included is a screenshot of me able to use and login as both of my friends on my cellphone. Neither one has ever touched any of my devices. I am doing this solely off data added to my Google account when I logged into their Chrome browsers.
 

Deleted: Screenshot_2016-03-25-23-33-46.png 237 KB

	Screenshot_2016-03-25-23-33-46.png 237 KB View Download

Deleted: Screenshot_2016-03-27-18-06-25.png 202 KB

	Screenshot_2016-03-27-18-06-25.png 202 KB View Download