New issue
Advanced search Search tips

Issue 737708 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 126398
Owner: ----
Closed: Jun 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Remember Password

Reported by gupta.rohit21198@gmail.com, Jun 28 2017

Issue description

Password field can easily be converted to text field simply by changing 1 word in HTML code i.e. simply removing password from field type. Then remembered password can be obtained easily.
I understand chrome provides sign-in and user options but users must be notified beforehand the risks of saving password. In general practice multiple users use the same account.
Please fix the issue if possible!
 
Mergedinto: 126398
Status: Duplicate (was: Unconfirmed)
It's never safe to share a single OS login account, as that is the only security boundary the operating system provides against myriad attacks.

Please see https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools- and https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for more details.
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 5 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment