
Issue 681140

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




User INFO leak

Reported by razvan3v...@gmail.com, Jan 13 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
1. Open the app
2. The app will take all your login info
3. The hacker can blackmail you

What is the expected behavior?
Once the app is opened, it will download all your login info, the website's address and the exact date of your last login on the website.

What went wrong?
With just a few changes to the app's code lines, it will be able to send a .txt file to a specified email and leak all of the Chrome user's login history with the login info.
Even the bank account info (username and password). Gmail has amazing password encryption and still the app can break the password. The app takes the password and username even if you don't save them in Chrome. List of websites whose info the app can take:

Google.com
Youtube.com
PayPal.com
FaceBook.com
Amazon.com
Netflix.com
...

There are some sites that the app can't take their user info but not so many.

Did this work before? N/A 

Chrome version: 55.0.2883.87  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0

I've made this app as a joke, but it is more powerful and dangerous than I thought and I wanted you to know about it.
I hope it will qualify for a prize.
 
Attachments: Proof.png (1.2 MB), Proof1.png (115 KB)
Labels: Needs-Feedback
Am I understanding correctly that this requires the user running an external, and untrusted, .exe file on their computer? In that case, this would be outside of Chrome's threat model.

Comment 3 by est...@chromium.org, Jan 24 2017

Status: WontFix (was: Unconfirmed)
Closing based on lack of response from reporter. It sounds like this report is outside of Chrome's threat model as mentioned in Comment 2. See https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for more explanation.

Comment 4 by sheriffbot@chromium.org, May 3 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
