New issue
Advanced search Search tips

Issue 737001 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Malware can steal data from Chrome

Reported by romia.ja...@gmail.com, Jun 27 2017

Issue description

VULNERABILITY DETAILS
Hi Team,
I am a freelancer who works on several freelancing platform. The other day, I got a file from an unknown person, who said that he wanted me to work on it. It was a screensaver file. At the moment, I was unable to comprehend the amount of money. It would cost me. What happened was that, I opened the file, it was a screensaver file. Nothing happened on screen. Windows defender didn’t pick it as a virus/Trojan/malware. After 2 days, My Payoneer was hacked and I lost $2644 to the hacker, or whoever he was. He had established the startup of the file in Windows and also duplicated the file on various locations. I was very disappointed to know that what that hacker got hold of was a ChromePass.key type of file. He got away with it. I don't know what level of encryption you people use, that he used that file and got hold of my several account details, which resulted in my huge hard-earned monetary loss. I am very disappointed in Google's encryption methods.
Romia Javaid

VERSION
Chrome Version: Version 59.0.3071.109 (Official Build) (64-bit)
Operating System: Windows 10 Professional-64-bit
 
Status: WontFix (was: Unconfirmed)
Summary: Security: Malware can steal data from Chrome (was: Security: Low level Chrome's encryption methods)
I'm so sorry to hear about this!

Do you have a copy of the file? If so, we can submit it to virus scanners and other tools for blocking.

Unfortunately, after your PC has been compromised by malware, it's simply impossible to protect the data on it against the attacker; you can read more about this in Microsoft's "Ten Laws of Computer Security" found here: https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-compromised-infected-machines-in-Chrome-s-threat-model-


Project Member

Comment 2 by sheriffbot@chromium.org, Oct 4 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment