Issue 740877 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jul 2017
Components:	UI>Browser>Passwords
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Chrome Password manager is enabled in Chrome incognito mode

Reported by bhuvans...@gmail.com, Jul 11 2017

Issue description


VULNERABILITY DETAILS
When a user tries to login to gmail account in Chrome incognito browser, Chrome password manager pops up and asks whether to fill the form with the saved passwords/login details. Incognito mode is basically designed for a private browsing and it should not be taking passwords saved in normal Chrome.

VERSION
Chrome Version: 59.0.3071.115 
Operating System: Windows 7

REPRODUCTION CASE
1. Open google chrome browser
2. Login to gmail account and save password in chrome password manager
3. Open chrome in incognito window
4. Visit gmail.com
5. Give username in it
6. There is a pop up asking whether to fill the saved password

Comment 1 by elawrence@chromium.org, Jul 11 2017

Components: UI>Browser>Passwords
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)

This is working as intended; we want users to use strong passwords, and the Password Manager is an important component of making that possible.

Notably, in Incognito the password filler changes to "Fill On Account Select" mode for privacy reasons (See  Issue 636461 ).

If you use Chrome's Guest mode instead (https://support.google.com/chrome/answer/6130773?co=GENIE.Platform%3DDesktop&hl=en), both the password manager and autocomplete engines will not use your profile data.

►

Issue 740877 link

Issue metadata

Security: Chrome Password manager is enabled in Chrome incognito mode

Issue description

Comment 1 by elawrence@chromium.org, Jul 11 2017

Comment 1 Deleted

Sign in to add a comment