This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
I have recently purchased two computers of the same make and model (lenovo t420). One of them was returned to the store, with the chrome history completely cleared. The second one came with a clean copy of windows 7 and the first thing i did was to install chrome from internet explorer. After entering my google credentials, i was able to also login to my Facebook account - apparently Google has saved my Facebook login credentials and does not adequately validate login requests from new computers. Hence, anyone with my google password may also access my Facebook account.

VERSION
Chrome Version: 50.0.2661.102 (Official Build) m (32-bit)
Operating System: [Windows 7 SP 1]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]