New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 627440 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jul 2016
Cc:
ya...@nightwatchcybersecurity.com
ta...@google.com
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Some settings can be bypassed by guest users on ChromeOS

Reported by resea...@nightwatchcybersecurity.com, Jul 12 2016 
VULNERABILITY DETAILS
Using dev tools on ChromeOS it is possible to bypass some settings which are disabled. We looked at the channel setting, and things like predictive typing but assuming that others can be also. The changes DO NOT persist after reboot.

VERSION
Chrome Version: 51.0.2704.106 (stable)
Operating System: ChromeOS 8172.62.0 (stable)

REPRODUCTION CASE
1. Open settings panel by going to "chrome://settings".
2. Press Ctrl-Shift-J to open dev tools.
3. Use the inspect tool to remove the "disabled" attribute on any setting.
4. Reload settings panel to confirm.

Comment 1 by ta...@google.com, Jul 13 2016

Status: WontFix (was: Unconfirmed)
The settings' values are not actually changed, even between refresh.

Are your settings in effect?

Please re-open it if I misunderstand something.

Comment 2 by ta...@google.com, Jul 13 2016

Cc: ta...@google.com
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 19 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by infe...@chromium.org, Mar 9 2017

Cc: ya...@nightwatchcybersecurity.com

Sign in to add a comment