New issue
Advanced search Search tips

Issue 719192 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: May 2017
Cc:
elawrence@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: incognito mode stores some login information

Reported by jennifer...@gmail.com, May 6 2017 


VULNERABILITY DETAILS
I opened an incognito window on a notebook I do not own and logged in on Gmail and Facebook. When I finished I just closed the incognito windows without logging out on Gmail or Facebook.

When I opened the same computer a few hours later, again opened incognito mode and checked Facebook and gmail, I was still logged in. On regular (non-incognito mode) the computer's owner is logged in at the same time on these services.


VERSION
Chrome Version: 57.0.2987.133 (64-bit) + stable
Operating System: MacOS Sierra 10.12.4 (16E195) on MacBook Air (13-inch, Mid 2011)

REPRODUCTION CASE

Comment 1 by elawrence@chromium.org, May 8 2017

Cc: elawrence@chromium.org
Components: UI>Browser>Incognito Privacy
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug
This is likely working-as-intended: Closing an Incognito window is not sufficient to purge the session (cookies/etc); you must close ALL Incognito windows for that cleanup to take place.

Did the "computer's owner" have any Incognito tabs open?

Comment 2 by ranjitkan@chromium.org, May 12 2017

Labels: Needs-Milestone

Comment 3 by elawrence@chromium.org, May 12 2017

Status: WontFix (was: Unconfirmed)
Without the information requested in #1, there isn't anything actionable that would allow reproduction of this issue.

Sign in to add a comment