New issue
Advanced search Search tips

Issue 659160 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Gmail Login Bug

Reported by sandeep2...@gmail.com, Oct 25 2016 
Respected sir/madam,

VULNERABILITY DETAILS
Whenever i type "Gmail sign in" in search, the first 2 results seems to have a problem(however i am already signed in),click on the first result i.e "Login to Google - Sign in - Google Accounts https://accounts.google.com/ServiceLogin?sacu=1&hl=EN" and then you have to login again(but i have already logged in then why i have to login again?)
and when i click the 2nd result it automatically logs me in the account.

VERSION
Chrome Version: [53.0.2785.143 m] + [stable]
Operating System: [Windows 10 Pro 10.0.14393 Build 14393 ]

NOTE: I just checked and it could led to a major Security bug if not dealt with.



Sandeep Bhasker
gmail sign in - Google Search - Google Chrome 10_25_2016 09_06_51 PM.mp4
9.5 MB View Download

Comment 1 by elawrence@chromium.org, Oct 25 2016

Status: WontFix (was: Unconfirmed)
This is not a vulnerability in Chrome.

Your video shows two search results:

1. GMail Sign In Page
2. GMail Application

If you click the GMail Sign In Page link, you get exactly that, the page to allow signing into Gmail.

If you click the GMail Application link, you navigate to Gmail. If you have already signed in, then gmail loads without prompting you to select an account and/or provide a password.

You may ask "Q: Why does asking for the Sign In Page give me the sign in page instead of recognizing that I am already signed in and loading GMail automatically." This is not a question for the Chrome team, but the most likely explanation is "A: Because you might have multiple Gmail accounts, and the sign-in page allows you to easily select a different gmail account to log in with."
Project Member

Comment 2 by sheriffbot@chromium.org, Feb 1 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment