New issue
Advanced search Search tips

Issue 612361 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Credentials

Reported by jabin...@gmail.com, May 17 2016

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
I have recently purchased two computers of the same make and model (lenovo t420). One of them was returned to the store, with the chrome history completely cleared. The second one came with a clean copy of windows 7 and the first thing i did was to install chrome from internet explorer. After entering my google credentials, i was able to also login to my Facebook account - apparently Google has saved my Facebook login credentials and does not adequately validate login requests from new computers. Hence, anyone with my google password may also access my Facebook account.

VERSION
Chrome Version: 50.0.2661.102 (Official Build) m (32-bit)
Operating System: [Windows 7 SP 1]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]
 
Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
What you're describing sounds like sync working as intended. This feature can be disabled.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment