Issue 743582

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 656424
Owner: ----
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security




Security: Supporting Powerwash from non-owner login

Reported by shreyasj...@gmail.com, Jul 15 2017

Issue description

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.
As a non-owner login for Chromebook, I was able to Powerwash the Chromebook.

VERSION
Chrome Version: Version 59.0.3071.113 stable
Operating System: 
Google Chrome OS
Version 59.0.3071.113 stable
Platform 9460.67.0 (Official Build) stable-channel cave
Firmware Google_Cave.7820.288.0

REPRODUCTION CASE

I was able to reset the Chromebook using non-owner credentials and wipe the Chromebook clean. Even though this appears to be a handy feature supported by Chrome OS, it's a security bug which can wipe out the owner's information.

So any important information stored by the owner is lost forever and the new owner can use the Chromebook.

Powerwash should be applicable only to the owner login, similar to the option of changing the channel from Stable to Beta.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Not applicable.

 
Components: Enterprise
Labels: OS-Chrome
Mergedinto: 656424
Status: Duplicate (was: Unconfirmed)
Users with physical access are inherently powerful: https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 22 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
