This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.
Please READ THIS FAQ before filing a bug: https://www.chromium.org/Home
/chromium-security/security-faq
Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs
NOTE: Security bugs are normally made public once a fix has been widely
deployed.
VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.
i logged into google on a friends laptop so i could pick up my browsing history and bookmarks and logged out after using it. to my surprise when i log into google from any computer it has merged all my friends passwords and mine. In other words both she and i and another user (who she bought the laptop from) can all see each other's saved passwords. this means if i want i can see both her login usernames and passwords for all her social media, email and other accoutns nad vice versa. I have manually deleted a number in google settings but have screenshotted those that remain. this is a serious security flaw and is the third time i have noted this behaviour in the past year.
VERSION
Chrome Version: 59.0.3071.115 stable
Operating System: Windows 10 Home 64 bit build 15063.483
REPRODUCTION CASE
please see several screenshots and not the number of occasions where the usernae redfern.tom@gmail.com and fran wilkinson appears. these have somehow come into my gmail account becuase i logged into google through chrome on fran wilkinson's computer.
|
Deleted:
screenshots.zip
1.8 MB
|
Comment 1 by elawrence@chromium.org
, Jul 30 2017Summary: Security: After logging into Chrome, local passwords sync to my sync'd profile (was: Security: whe logging into google from a friend's laptop)
44.8 KB
44.8 KB View Download