Google Chrome hacked teachers
Reported by
carlosfa...@gmail.com,
Aug 8 2016
|
||||||
Issue descriptionThe option "Ask if you want to save your passwords" that comes by default in Google Chrome I want to report that this option many university teachers leave their passwords stored in Chrome and therefore your files are hacked by students. Unlimited access to your files, it is a harmless but highly effective error. And if it's not I can give you a thousand accounts hacked teachers. Versión español La opción de "Preguntar si quieres guardar tus contraseñas" que viene por defecto en Google Chrome Quiero informar que con esta opción muchos docentes universitarios dejan guardado sus contraseñas en Chrome le dan si cuando le salta un anuncio y por ende sus archivos son hackeados por alumnos. Tenemos acceso ilimitado a sus archivos, es un error inofensivo pero de gran eficacia. Y si no lo es yo le puedo dar mil cuentas de profesores hackeados.
,
Aug 8 2016
Hi there, thanks for the report. This sounds to be more of a privacy decision and I don't know the background around it, so I'll let msramek give some background :)
,
Aug 9 2016
I must say that I don't clearly understand what is the bug reported here - or is your complaint that a password manager is a fundamentally dangerous feature? The most important thing to know is that we can not effectively protect passwords from malicious applications running in the same OS profile. If there are several users storing their passwords in different Chrome profiles, but using the same OS profile, we introduced some privacy remedies, such as reauthentication when viewing passwords, but it's still not secure. In a university environment where sharing computers is to be expected, I recommend setting up a policy to disable password manager - see here: https://www.chromium.org/administrators/policy-list-3#PasswordManager Assigning to vabr@ if he wants to add something.
,
Aug 9 2016
+1 to msramek's answer. Also, please feel free to have a look at our security FAQ at https://www.chromium.org/Home/chromium-security/security-faq (just search for items with "password"). Please try to clarify what your compliant is and what you would like to see fixed. Thanks! Vaclav
,
Aug 11 2016
I'm not a sysadmin, I'm just a young college student I want to report that discovered the key to more than 2,000 teachers through Google Chrome. The default installation of Chrome has allowed me to get teachers 2000 accounts and that could increase to more. Anyone without minimal computer knowledge could hack university teachers because teachers rely on Google Chrome and give to save password (Dreamers). The default installation can be a vulnerability ;)
,
Aug 19 2016
Thank you for providing more feedback. Adding requester "vabr@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 19 2016
Sorry, but your description did not clarify the bug further. It is not clear what the attack is (i.e., how the users get hacked). |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by carlosfa...@gmail.com
, Aug 8 201626.8 KB
26.8 KB View Download