Issue metadata
Sign in to add a comment
|
Security bug granting Chrome O.S. users a way into other google users personal data, without their being any real form of connection.
Reported by
ben4tibb...@gmail.com,
Apr 12 2016
|
||||||||||||||||||
Issue description
VULNERABILITY DETAILS
When I logged onto my school computer, running chrome book O.S., using my normal, person/home, g-mail account, then went home and logged back into my account,on my personal home tower computer, running windows 10, I cleared all data and passwords from chrome's history, then re-logged into chrome went to you-tube and went to sign in. I then noticed that it was offering multiple other students from my schools e-mail addresses to log into. They have never used my chrome book, and I had the I.T. Department at my school wipe chrome off of the chrome book and reinstall it a few weeks earlier, and this is a personal school laptop. But my point is that it is a dangerous security threat due to the fact that whether or not it gives me the passwords to their e-mail addresses I,or someone meaning to do harm, not me, could use a simple brute force attack to crack the password to a given students e-mail. Gaining tons of personal information that could be very confidential. I would like to point out that I am not sure to the exact extent to which these e-mails addresses' information I have found 'leaked' onto my computer are, seeing as in I have no reason to try them. But I just thought I should point them out.I also feel that I should point out that no student or other person has used another google account on my current computer, my personal home one. I would like to thank you for your time and support in keeping everyone's data safe.
p.s I have never had anyone from the school bring their chrome book to my home, nor have I ever brought my tower to school.
VERSION
Chrome Book O.S; 47.0.2526.106 + stable
Now the Chrome Version is the newest one, as on my new pc it is fully updated and I had the issue again a day or two ago. I will admit I saw this issue a month back and just kept procrastinating on whether to report it or not, due to the fact that I'v been a bit busy lately. So to get to the point, it is on a few of the newer versions of Google Chrome.
I hope this information helps with improving googles security features/functions
~Sincerely Ben Tibbetts IV
,
Apr 12 2016
No, the laptop I use at school is a personal one, not used by anyone else, the school bought them chrome books for us for this school year, and we get to keep them when we graduate. I will admit, I left my google account signed on the school laptop, the chrome book, but it was that google account along with my school google account signed up in on it. Hope this helps clear things up. :) Good day.
,
Jul 20 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by tsepez@chromium.org
, Apr 12 2016