New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684092 link

Starred by 1 user
Status: WontFix
Owner:
lgar...@chromium.org
Last visit > 30 days ago
Closed: Feb 2017
Cc:
xzhou@chromium.org
mastiz@chromium.org
tschumann@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: I know my friends passwords when he has never signed in on my laptop.

Reported by bobrien...@icloud.com, Jan 23 2017 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://www.chromium.org/Home
/chromium-security/security-faq

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
I can sign in to my firends account because  my chrome knows his password, but he has NEVER signed in on my laptop and I also have his roblox account password which he hasn't signed in on either, but I also have MY passwords as well so I'm not on his profile or anything, I got confused where to post this, so I hope its in the right place, but I am worried about my password getting out to other people.
VERSION
Chrome Version: 55.0.2883.87 m 64-bit (I think stable)
Operating System: Windows 7 Home Premium SP1

REPRODUCTION CASE


FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]
Security Bug Proof.PNG
46.4 KB View Download

Comment 1 by lgar...@chromium.org, Jan 23 2017 

If you or your friend go to chrome://settings/, do either you or your friend see the other's email as "Signed in as ..."?

Considering that this is happening just with you or someone you know, it seems likely both of you signed in to Google in the same browser profile, possibly at different times. Is that the cases?

Comment 2 by lgar...@chromium.org, Jan 23 2017

Labels: Needs-Feedback

Comment 3 by elawrence@chromium.org, Jan 31 2017

Components: UI>Browser>Passwords Services>Sync

Comment 4 by xzhou@chromium.org, Feb 2 2017

Cc: xzhou@chromium.org
Labels: Security_Severity-Low Security_Impact-Stable OS-Chrome
Owner: lgar...@chromium.org
Assigning to lgarron@.

Comment 5 by kenrb@chromium.org, Feb 2 2017

Status: WontFix (was: Unconfirmed)
Since this bug has been idle for a week and a half, it is reasonable to close it.

lgarron@'s suggestion in comment 1 is almost certainly correct. Most likely the bug reporter's friend was using a Chrome instance that was logged into the reporter's profile, and passwords that the friend entered were synced to the reporter's Google account. For this and other reasons, it is a good idea to sign out of your profile before letting other people use Chrome on the same machine.
Project Member

Comment 6 by sheriffbot@chromium.org, May 12 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment