New issue
Advanced search Search tips

Issue 681338 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jan 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Personal Identifiable Information cached, view-source, 0day

Reported by benedict...@gmail.com, Jan 14 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
VERSION
Version 55.0.2883.87 m stable
Operating System: Windows 10 Home Single Language

REPRODUCTION CASE

1.Visit https://paytm.com/
2.Initiate a recharge and when it goes to second page(coupons page), cancel the recharge and logout and close the tabs.
3.Do a view-source of the coupon page when user is logged out. It will reveal users details like first and last name, email id, date-of-birth etc.

What is the expected behavior?
The browser must not cache these information 

What went wrong?
Even after the user has logged out and tabs are closed, a previously opened page's users personal information is being cached 

Did this work before? N/A 

Chrome version: 55.0.2883.87  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 24.0 r0

MailID:benedictcharles9395@gmail.com

Comment 1 by aarya@google.com, Jan 17 2017

Status: WontFix (was: Unconfirmed)
Please report it to the actual website tracking this info. And this is not a security vulnerability in Chrome.
Project Member

Comment 2 by sheriffbot@chromium.org, Apr 25 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment