jorgelo: Can you please take a look?

This is, unfortunately, somewhat working as intended. Essentially there's two factors at play:

1-We want music and videos to keep playing when the screen goes off, if people are e.g. using their Chromebooks to play music at a party.

2-We don't have a clear distinction between "screen off but something playing" and "screen off because we just came back from sleep/just reopened the lid".

Ideally, we'd only keep playing music if the screen is locked/turned off, but not if we're resuming from sleep after closing and re-opening the lid.

If user want to continue to listen to content when he open lid, he can choose not to lock the screen every time he open lid.

But,

The whole purpose of asking to login everytime lid open is to secure the content. Be it a text, graphic, audio or video. It is content that need to be protected. 

when user specifically selected to choose to login everytime lid open, it means user do not want anyone to intrude into content.

When he close the lid and packed the chromebook and someone had the opportunity   to open lid, then the disaster can happen. If the video is too personal, it will hurt the business or relationship.

Guys I love chromebook. I am just pointing out large security concern of audio content being leaked even when user choose to authenticate to reveal the content everytime lid open.This is my 6th chromebook purchase and I love it. 

Isn't this a serious security issue that needs a fix to use the chromebook securely. 

I do think there is a potential functional bug here; as #2 says, this behavior is "somewhat" working as intended. For example, we could consider closing the lid (but not just the screen locking) to be equivalent to an explicit Pause action on all media. I leave that question to the media and auth teams.

+battre FYI, this issue has a privacy aspect as well.

But I don't see a security vulnerability. If the 'attacker' is someone physically near the device, most defense techniques cannot work.

+Dale and John

+tbuckley who was looking into this I think.

+warx who has a CL for something similar too, https://codereview.chromium.org/2821303004/

Updating title. This is something we can fix with  Issue 694384 

With  bug 719968 , there will be an internal flag to turn on media session without audio focus which will allow https://codereview.chromium.org/2821303004/ to work without having to turn on audio focus as a side effect.

One question, if lid open should not start audio playing, it should keep paused until user manually starts the audio, right?

Yep, the video should stay paused until the user manually starts it again.

Can we make this not be a security bug (which means that Chrome OS developers can't see it unless they're cc-ed), or just dupe it into a public bug? This is the way that Chrome OS has always worked. I'm fine with it being changed if UX decides that that makes sense, but it's not as if it was unknown up until now.

Also, this doesn't have anything to do with the lid being closed. It should probably be tied either to the system suspending or the screen being locked. The latter will break people who want audio playback to continue even when their screen is locked, though.

Labels removed. It should never have been a security issue in the first place, privacy bug at most, more like feature request.

Looks like issue is being diluted. I am in music industry and my recorded music videos are being stolen/leaked from my chromebook just by someone opening my chromebook without credentials. Does this not mean my data is not secured? How is my business data is secured? Is this not data Security issue?

Also please note this has nothing to do with  Issue 694384 . You are mixing two different reports.  Issue 694384  is focused on need/feature request where as 716066 is reporting data security issue when lid open without credentials. Why mix these issues. Please take serious look into the issue. Let me know what help is needed to understand the security issue better.

You'll see the same behavior on any other laptop, as far as I'm aware. Programs normally pick up where they left off after a system suspends and resumes. This is standard behavior.

As mentioned earlier, there's a feature request to override this behavior and pause video and audio elements automatically. If you want to prevent videos from continuing after the system resumes before this change is made, you can pause or close the video before suspending your system.

I did great mistake spending my time to report issue to Google. From this experience , I will surely stay away from you guys. 

I knew you guys will surely fix these serious issues, Buy you will never admit the seriousness of the issue or give credit to anyone who found it.

Hats Off and Sign Off.

And do not say same behaviour from any other laptop without verifying.

My Lenovo Thinkpad W540 with windows 10 doesn't do that.

Updating components per Warx@.