
Issue 668631


Issue metadata

Status: WontFix
Closed: Nov 2016
Type: Bug-Security




Security: Access to ALL autocompleted passwords

Reported by morissa...@gmail.com, Nov 25 2016

Issue description

VULNERABILITY DETAILS
- The security vulnerability is based on the fact that logins/passwords in HTML forms are auto-completed if Chrome has this option enabled (activated by default).
- The live rendering of the HTML page is the problem: if I edit the HTML code on my Chrome page, I'm able to read ALL auto-completed passwords.

If I have access to a user session, I can get a lot of logins/passwords very quickly, just by navigating to major websites.

On macOS, passwords are stored in the keychain. The security is strong because the session password is required to access keychain data.
On Chrome ... if the password is auto-completed ... passwords are NOT safe.

VERSION
Chrome Version: 54.0.2840.98 (64-bit) stable AND probably all versions
Operating System: macOS 10.11.6 (15G31) AND probably all OS

REPRODUCTION CASE
1. Take a friend's opened user session
2. Navigate to any important website: GMAIL, FACEBOOK, WHATSAPP.
3. Disconnect from the service if you are already connected
4. If the login/password is auto-completed, the job is done!
5. Click on the form, inspect the HTML, change the input type from "password" to "text"
6. The live rendering is done, you have the password!

By using this I was able to get my girlfriend's passwords, and I was able to get back my mission password which were protected by google.password (without using my Google credentials)



 
Status: WontFix (was: Unconfirmed)
Physical access to your unlocked device with Chrome open is required to use Inspect in this way. Unfortunately, this is not a security vulnerability, since anyone with physical access to your unlocked machine can do basically whatever they like.
Really?
OK,

I'm going to write an article about that, it's a huge problem.
People should know/understand that an unlocked session is really an important risk, as it allows open access to a lot of logins/passwords.

Best regards, 
Jerome
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
