Issue metadata
Sign in to add a comment
|
Guest account shutdown the OS
Reported by
sajidkia...@gmail.com,
Feb 26 2017
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 9000.91.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.110 Safari/537.36 Steps to reproduce the problem: 1. Login as a Guest Account (Bowers as Guest) 2. When you login in the Guest account you can shutdown the OS. What is the expected behavior? Guest Account should not have to right to shutdown the OS. If user has very important data browsed in his browser and someone shutdown his/her laptop from guest account this action loss all the browser data. What went wrong? A guest account shutdown the OS without the permission of OS owner. Did this work before? Yes Chrome version: 56.0.2924.110 Channel: stable OS Version: 9000.91.0 Flash Version: Shockwave Flash 24.0 r0
,
Feb 28 2017
Thanks for reporting the issue. If an attacker has physical access to the machine, she can turn off the machine by simply pressing the power button anyway so allowing the guest user to shutdown the machine doesn't change the security guarantee.
,
Jun 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by sajidkia...@gmail.com
, Feb 28 2017