Issue metadata
Sign in to add a comment
|
Security: Easily hijacking passwords from Chrome
Reported by
slavo...@gmail.com,
Jun 11 2017
|
||||||||||||||||||||
Issue descriptionDear Google, today around 15:00 p.m Paris Timezone I found a security bug in chrome with my phone! With a little bit of social engineering and lots of EVILNESS people could get their password stolen if the hijacker gets a physical contact with the phone. If you go to Chrome -> Save Passwords -> passwords.google.com Then forgotten password -> choose the google prompt -> hit yes -> and then type the password he would like The account is high jacked![1 minute] event less Then he has the account and see all of the passwords saved to the account and steal it! we could automate the process with a rubber ducky or an app and it will get even worse! Me personally i have my host-monster account password there is unbreakable but somebody could mess my website big time if he knew about this bug or PayPal... You Get It! Happy Coding and Hear form you soon :) Best Regards, SLAVOV Kostadin
,
Jun 13 2017
,
Jun 13 2017
If you get anyone's phone and visit passwords.google.com you could hijack an account pretty easyly and then get all of his saved passwords
,
Jun 13 2017
,
Jun 13 2017
Thank you for providing more feedback. Adding requester "estark@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 14 2017
,
Jun 14 2017
Thanks for the report. If the attacker has access to the unlocked phone, there are a number of ways they can get the passwords stored in Chrome. Going through account recovery is not the easiest of them, and will leave more traces than others. Comment #1 here is correct to point out that Chrome cannot and does not pretend to defend against an attacker with local access. Therefore I am closing this report.
,
Sep 20 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 29
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jun 12 2017