
Issue 677678


Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature




Prompt for a password before autofilling credit card information

Reported by andresgu...@gmail.com, Dec 30 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
1. Start to enter credit card info when buying at a website
2. Autofill offers to complete credit card information without extra security of prompting for a Google password

What is the expected behavior?
Autofill ought to prompt for a password before autofilling credit card information. CC info is more sensitive than login information on a website and should be treated differently, with greater security. Now, if I'm simply logged into Chrome, anyone who uses my computer can use my credit card information to buy whatever, if they know my security code. Why not offer the option (at least) to make Chrome prompt for a password before completing credit card autofill?

What went wrong?
If I am logged into Chrome, anyone who uses my computer--and this applies particularly at home if I don't want my kids to buy something without my permission--can use autofill to enter my credit card information and make any old purchase they care to make, if they have my security code, which they could see easily if they have a glance at my card. This applies especially to family members.

Did this work before? N/A 

Chrome version: 55.0.2883.87  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 24.0 r0
 
Components: UI>Browser>Autofill
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Feature
Summary: Prompt for a password before autofilling credit card information (was: Chrome ought to prompt for a password before autofilling credit card information)
Reclassifying as a feature request.

> If I am logged into chrome, anyone who uses my computer

Physically-local attacks are necessarily outside of the browser's threat model. If concerned about physically local attacks, you need to rely upon the Operating System's security mechanisms (typically, the User Account) to protect your information.

https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-

> CC info is more sensitive than login information on a website

That may or may not be true.
Labels: Needs-Triage-M55

Comment 3 by zkoch@chromium.org, Jan 4 2017

Status: WontFix (was: Unconfirmed)
Thanks for reporting!

For credit cards that are saved locally, I don't think we can prompt for any kind of password, as they are stored only on your local device, and #1 mentions why those types of attacks are outside Chrome's threat model.

For cards in Google Payments, we follow industry advice and ask for a CVC to verify you have the card in hand to protect against fraud. At that point, you can choose whether you would like to save the card locally or not, and you can always choose not to (which in turn always requires a CVC).

This feels sufficient to me, so going to mark this as WontFix, but feel free to follow up if you disagree with our assessment.
