Issue metadata
Sign in to add a comment
|
Security Bug : Normal mode for Chrome login doesn't require password when any supervisor mode account is deleted.
Reported by
rh...@uci.edu,
Jun 7 2016
|
||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Normal mode for Chrome login doesn't require password when any supervisor mode account is deleted. We tried adding a new user for Chrome as a supervisor and tried to delete it. The following things didn't happen as expected. 1. No password was required to delete the account 2. Upon removal of user, the normal mode is automatically logged in back, which is a critical security issue. VERSION Chrome Version: 50.0.2661.102 + stable Operating System: [Mac OSX El Capitan] REPRODUCTION CASE The bug can be reproduced manually. Please create a new user in supervisor mode and then try to delete it. No password will be asked and Chrome browser will automatically log on to the original account back.
,
Jun 9 2016
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by nparker@chromium.org
, Jun 8 2016Status: WontFix (was: Unconfirmed)