New issue
Advanced search Search tips

Issue 705215 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Chrome Data Can Be Hacked Form One PC To Another (I Want REward For This BUG)

Reported by apakshay...@gmail.com, Mar 25 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. Copy Data From Any Victim PC Folder Go To C:\Users\YourUserName\AppData\Local\Google

2. Paste This To Your PC In Same Location Copy And Replace

3. Open New Google Application In You PC GoTo  C:\Users\Mr.A\Your User Name\Local\Google\Chrome\Application\Chrome.exe

4. Now After Open Application You Are Full Access To All Chrome  Data Of Victim PC . You Have Access To History , Saved Password, BookMark, Manage AutoFill, And Other Confedential Information Of Victim PC

What is the expected behavior?
 This May Easily Allow User To Access Other Person Chrome Browsing Information By Just Copying Necessory Files....

What went wrong?
Chrome Application Have To Hide Those App Data ...And Make This Data Folders (Read Only) & Write Protected.....

Did this work before? N/A 

Chrome version: 56.0.2924.87  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

Dear Sir plaese Check This Security Bug ...

This Is  typically  critical impact bug...

Plese Test This And Send My Rewards And Certificate
 
Steps To Get Victims chroms Browsing Data.rar
4.5 MB Download
Dear Sir

I Have Better And Best Solution For This Problem....

This Bug Is So Serious That Any One Can Copy chrome Data And Able To Decrypt Saved Password

I Want Reward Under chrome Reward System.. And Certificate Of That Bug Founder

I Am Form India... Try To Cantact Me Via Email As Possible...


Akshay Patil 8 March Proper (1).docx
27.5 KB Download
Status: WontFix (was: Unconfirmed)
http://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-

Thanks for reporting! Physically local attack is outside the scope of Chrome's threat model.

If fact, if you have access to the victim's folder, tons of worth damage could be done. And that's outside the scope of chrome. 
Project Member

Comment 3 by sheriffbot@chromium.org, Jul 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment