New issue
Advanced search Search tips

Issue 676953 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: The lack of security in accessing the data saved in the chrome browser is the problem.

Reported by nevinkos...@gmail.com, Dec 25 2016 
VULNERABILITY DETAILS
The problem is that all the saved content on Google Chrome Browser is vulnerable to scanning by unauthorized application,which can lead to data theft and hijacking of various accounts and credit card credentials.

VERSION
Chrome Version:  PC:[55.0.2883.87] 
                  PC:[55.0.2883.91]
Operating System: [Windows/Android OS,all versions and service pack level]

REPRODUCTION CASE
Steps to reproduce:
  1.Add a plugin or app via the Internet onto the victim's browser
  2.the link chrome://settings/{passwords or autofill.}These links are freely accessible by typing pasting them in the google search bar.
  3.the data can be collected from these tabs,and by emulating the "edit" click ,all individual data can be collected

The chrome security defect lets random apps to be added as plugins.Well these "harmless" plugins/other apps can freely  access the saved passwords/credit-ails on the browser.The vulnerability let any app scan these details with ease,with no detection what so ever. So due to these vulnerabilities,you can copy all the saved autofill data  and password by accessing chrome://settings/xxx -xxx: autofill or passwords.Each individual unit of data can be collected by emulating the edit button click on these data.Hence all these data which was previously copied, can be transmitted by these app to previously set database locations.

Comment 1 by elawrence@chromium.org, Dec 25 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for further discussion of why physically local attacks are not deemed vulnerabilities in the browser.

Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

Comment 2 by elawrence@chromium.org, Dec 28 2016 

 Issue 677272  has been merged into this issue.

Comment 3 by nevinkos...@gmail.com, Dec 29 2016 

Sir ,for this method,there is no need of hacking into anybody's else computer and taking over it.A simple email can carry the url of the plugin or the plugin itself.make it important looking,like a mail from google and you have the person install it in no time.So all the three laws are deemed invalid.Please consider this vulnerability.And I am sorry for making it look like it was hacking into their pcs.

Comment 4 by nevinkos...@gmail.com, Dec 29 2016 

a simple click by the user on the link is all that is needed.rest is done by the plugin/app in the background

Comment 5 by nevinkos...@gmail.com, Jan 1 2017 

Sir ..Please check my report again.

Sign in to add a comment