Security: Google Chrome and Chrome Cleanup Tool
Reported by
eumodssocial@gmail.com,
Dec 14 2016
|
||||||||
Issue descriptionDETAILS This is very importand security bug. Please follow the steps. 1.Open 2 (two) user on Windows 10. One is Administrator and other is normal user. 2.In administrator user, open chrome,for example login facebook,save passwords and add bookmark. 3.Close this user and go to normal user. 4.Download Chrome Cleanup Tool and Run 5.Write your Administrator password. 6.Follow steps. 7.Here importand: When everything is finished, tool open your Administrator chrome profile in normal user. So, hello facebook! If you want to ask me, how normal users know my account password, Think about it, There can be many ways. It may fool you. VERSION Chrome Version: [55.0.2883.87 m (64-bit)] + [stable] Operating System: [Windows 10]
,
Dec 14 2016
I /think/ the claim here is that when an admin agrees to perform an over-the-shoulder Elevation to run the Chrome cleanup tool for a non-admin user, Chrome's data from the elevated account gets cloned into Chrome's data storage for the current Windows login user?
,
Dec 15 2016
This isn't something we'd consider a security bug for the same reasons outlined in https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
,
Dec 15 2016
Reopening and reclassifying as a functional bug.
,
Dec 16 2016
,
Dec 29 2016
,
Jan 12 2017
,
Nov 14 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 Deleted