
Issue 699543


Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




User ID can potentially be compromised through chrome

Reported by jonathan...@gmail.com, Mar 8 2017

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug:
https://www.chromium.org/Home/chromium-security/security-faq

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.
My banking website (lanb.com) requires a user ID on the main page. After the user ID is entered, a new tab is opened and I am prompted for a password. When this new tab is open, I can press the tabs button in Chrome and see the user ID that was entered on the previous page. When the new password page tab is opened, the user ID should be cleared at that point so that it is not visible after being entered.

VERSION
Chrome Version: [56.0.2924.87] + [stable]
Operating System: [Lineage OS 14.0, Android 7.1.1, 14.1-20170303-NIGHTLY-titan, and Feb 5, 2017 security patch]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

Attachments:
Screenshot_20170308-065010.png (148 KB)
Screenshot_20170308-065004.png (122 KB)
Screenshot_20170308-064831.png (281 KB)
Screenshot_20170308-064815.png (134 KB)

As you can see from the screenshots, I have used UserNameBug as the user ID for this demonstration. The user ID is entered, and a new tab (password screen) is opened. I press the change tabs button in Chrome and the user ID entered previously is still visible in the change tabs screen.

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This does not represent a security vulnerability in Chrome. If the website wants to clear the username box before opening the new tab, it is the responsibility of the script code on that website to do so. There is no standard that suggests that the browser should do so speculatively.

The User ID box is cleared by the website... It is only in Chrome that it
remains visible. This can be shown by opening 4 or more tabs in Chrome. If
more tabs are opened, the User ID box is cleared. If only 1 tab is open and a new
tab opens for the password screen, the user ID remains. Please check (if possible)
that this site www.lanb.com clears the user ID when opening the new
window/tab. I really think this is a Chrome-related issue and not an issue
with the website.

Thanks for looking and thanks for your time.

I am almost 100% certain that this is a Chrome problem. Here are
screenshots from 2 other browsers using the same test method I used in
Chrome. Guess what, in both of these other browsers (Firefox and Gello) the
User ID box is cleared and the user ID cannot be seen! Please look at this.

Thanks for your time.
