Issue 733240

Starred by 3 users

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug




Chrome's Incognito mode was automatically logged into other sites?

Reported by gil...@gmail.com, Jun 14 2017

Issue description

Dear Security Team,

I wish to report a security bridge bug I had found on Chrome for the PC, when in Incognito mode.

I have been testing one of our websites: www.weddinbook.com in Incognito mode. I have opened a new tab so that no tokens or cache of any sort would be available.

While I was testing my platform, I had another Chrome window open, in which I was logged on to my Gmail and if memory serves - to a Facebook account as well.

When testing the website on the Incognito mode, I clicked a link which was supposed to lead to composing an email. When clicked, it opened a new Incognito tab with Gmail and instead of asking me to log in, it opened my personal Gmail account in "Compose" mode, with full access to my emails and folders. Same happened when I clicked the Facebook link.

To the best of my knowledge, something like that should not occur on Incognito mode, which is why I was trying to bring it to your attention.

I look forward to hearing back from you.

I am attaching a few screenshots I took in the process.

Looking forward to hearing back from you.

My kindest personal regards,

Gil

+972-542291140
gili@castle-builders.biz

gili46@gmail.com





Components: UI>Browser>Incognito Privacy
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Needs-Feedback Type-Bug
Summary: Chrome's Incognito mode was automatically logged into other sites? (was: Security issue with Chrome's Incognito mode)
Issues with Incognito are tracked as privacy bugs and not as security bugs.

Can you please visit chrome://version/ and provide the version information shown at the top of that tab?

I'm not able to reproduce this problem with the stable or Canary versions of Chrome.

The explanation when users report issues like this is that the user has multiple Incognito windows open and does not realize that fact. Incognito windows (perhaps surprisingly) are not isolated from one another, and closing one Incognito window does not end the Incognito session. The "background" Incognito window hangs on to all of the login tokens and when you open a new Incognito window, all of those tokens remain available in that new window. Only when all Incognito windows are closed is the session ended and the login tokens expired.
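The session lifetime described in the comment above, as a simplified model added here for illustration. It is not Chromium code: the class, method and site names are hypothetical, and the fact that the regular profile's cookie jar is kept separate from the Incognito one is stated here as an assumption of the model.

```javascript
// Simplified model (not Chromium code): one persistent cookie jar for the
// regular profile, one in-memory jar shared by every open Incognito window.
class ProfileModel {
  constructor() {
    this.regularJar = new Map();       // persists across window closes
    this.incognitoJar = null;          // exists only while a session is live
    this.incognitoWindows = new Set(); // ids of open Incognito windows
    this.nextId = 1;
  }
  openWindow(incognito) {
    const id = this.nextId++;
    if (incognito) {
      // The first Incognito window starts a session with an empty jar;
      // later windows join the existing session and see its tokens.
      if (this.incognitoWindows.size === 0) this.incognitoJar = new Map();
      this.incognitoWindows.add(id);
    }
    return { id, incognito };
  }
  closeWindow(win) {
    if (!win.incognito) return;
    this.incognitoWindows.delete(win.id);
    // The session ends only when the last Incognito window closes.
    if (this.incognitoWindows.size === 0) this.incognitoJar = null;
  }
  jarFor(win) {
    if (!win.incognito) return this.regularJar;
    if (!this.incognitoWindows.has(win.id)) throw new Error("window is closed");
    return this.incognitoJar;
  }
  login(win, site, token) { this.jarFor(win).set(site, token); }
  isLoggedIn(win, site) { return this.jarFor(win).has(site); }
}

// Constructed scenario: "mail.example" stands in for any site with a login.
function runScenario() {
  const p = new ProfileModel();
  const regular = p.openWindow(false);
  p.login(regular, "mail.example", "regular-token");
  const a = p.openWindow(true);
  const freshSeesRegular = p.isLoggedIn(a, "mail.example");
  p.login(a, "mail.example", "incognito-token");
  const b = p.openWindow(true);  // forgotten "background" window
  p.closeWindow(a);              // closing one window does not end the session
  const c = p.openWindow(true);
  const newWindowInherits = p.isLoggedIn(c, "mail.example");
  p.closeWindow(b); p.closeWindow(c);
  const afterAllClosed = p.isLoggedIn(p.openWindow(true), "mail.example");
  return { freshSeesRegular, newWindowInherits, afterAllClosed };
}
```

In this model, a login appearing in a fresh Incognito window is explained only by another Incognito window still being open, which is the case the comment asks the reporter to rule out.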

Comment 2 by gil...@gmail.com, Jun 15 2017

Hello again,

The version is at the bottom of this email.

I completely understand how the Incognito sessions work, which is why we use them for testing.

I had no other Incognito windows open, only a Chrome window, with Gmail logged in.

I guess that what I'm getting at is that as long as another Chrome window (that is not Incognito) is open or another tab (that is Incognito) is open and when in both cases the gmail was used and closed (and possibly a token remained), it signs up automatically to Gmail when clicked, from an Incognito window, when clearly it shouldn't.

Perhaps a closed Gmail tab still makes sense in a way for the token to be kept, but not for a fresh new Incognito window that uses the Gmail token off a regular Chrome window.

Thank you for the prompt reply.

Best always,

Gil




Google Chrome	58.0.3029.110 (Official Build) (64-bit)
Revision	691bdb490962d4e6ae7f25c6ab1fdd0faaf19cd0-refs/branch-heads/3029@{#830}
OS	Windows
JavaScript	V8 5.8.283.38
Flash	26.0.0.126 C:\Users\Castle Builders\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.126\pepflashplayer.dll
User Agent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Command Line	"C:\Users\Castle Builders\AppData\Local\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end
Executable Path	C:\Users\Castle Builders\AppData\Local\Google\Chrome\Application\chrome.exe
Profile Path	C:\Users\Castle Builders\AppData\Local\Google\Chrome\User Data\Default
Compiler	MSVC 2015 (PGO)
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 15 2017

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
<< Perhaps a closed Gmail tab still makes sense in a way for the token to be kept, but not for a fresh new Incognito window that uses the Gmail token off a regular Chrome window. >>

That would, indeed, be a bug, however I'm not able to reproduce this. 

If you close all Chrome instances, then start a new regular mode instance, log it into Gmail, and then start a new incognito window, are you able to reproduce the issue originally reported?
Labels: Needs-Milestone

Comment 6 by gil...@gmail.com, Jun 19 2017

Hi again,

<< If you close all Chrome instances, then start a new regular mode instance, log it into Gmail, and then start a new incognito window, are you able to reproduce the issue originally reported >>

That's exactly what had happened. I am not sure if it occurred specifically via the website we have created and method it was used in, but the fact of the matter remains. 

We have created a web app for creating apps and have recently adapted it to the Wedding market in order to allow couples to create interactive wedding albums with videos, music, photos, special features, etc. and convert them into native apps for the Android, iPhone and iPad. The website I am referring to is www.weddinbook.com. If you want, I can guide you through the steps. 

Essentially, you need to create an account, go to "Create an Album," go through the process of the actual creating by using the Wizard, and then go to "Add Features" - add an Email address and Facebook address, click the Preview to view your Album, and then click the Email / Facebook icons which would open a new tab with the logged in Gmail account (assuming it was already logged into from a regular Chrome window)

Best always,

Gil

Cc: pnangunoori@chromium.org
Labels: Needs-Feedback
Tested on Chrome Stable #59.0.3071.115 and Canary #61.0.3148.0 on Windows 10, and issue is not reproducible. Attached the screen cast for reference (https://drive.google.com/open?id=0B3Nz6WzbhmLRSjltdTQyU20wMW8).
 
Followed the below steps:
 
1. Launched chrome and logged through Google account in www.weddinbook.com
2. Created an Album with links to Facebook (logged into Facebook while linking).
3. Previewed the Wedding Album.
4. Opened Incognito Window.
Observations:
1. User had to log into www.weddinbook.com again.
2. User had to login to Facebook again to navigate to the link provided earlier.
 
@gili -- Could you please try by removing the extensions and creating a new profile to verify if the issue still persists.
 
Please let us know if we have missed anything.
 
Thanks in advance.

733240.mp4
17.0 MB Download
Cc: rhalavati@chromium.org
gili46@,

Can you still reproduce the error?
Status: WontFix (was: Unconfirmed)
As there has been no action on this issue for a long time, closing this issue. Request you to update your Chrome to the latest #66.0.3359.181 and verify. Feel free to file a new issue if the issue is still reproduced at your end.

Thanks!
