Issue metadata
Sign in to add a comment
|
Security: Easy way to stole saved password from google chrome
Reported by
tolya.ko...@gmail.com,
Oct 12 2016
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS You could steal saved passwords from other pc's using developer console. VERSION Chrome Version: all versions Operating System: Windows 7 and above REPRODUCTION CASE 1) Await while person leave you alone to do something on its pc 2) Open chrome://settings/passwords - to find out all sites where passwords are saved. 3) Visit all sites you are intrested in 4) Log out if needed 5) Open developer console ctrl+shift+j at network tab 6) submit a form and stop a request before response coming up (prevent page refreshing) 7) Find out a non-stared password in form-data section 8) profit SUGGESTIONS: Hide all form-data fields values from developer console that equals to password. Google chrome
,
Jan 19 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Oct 13 2016