New issue
Advanced search Search tips

Issue 756398 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Password field is not protected by using paste option and Session should be expire with in 10 idle min.

Reported by sharma.k...@gmail.com, Aug 17 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

Steps to reproduce the problem:
1. Copy Text
2. Paste in Password field
3. 

What is the expected behavior?
Password can be paste in the password field, many key press tools available by which any JScript can be injected.
Session should expire after 15 idle min.

What went wrong?
1. Password field except paste option, a user should manually enter text which is the more secure way to protect.

2. Session remains exist after 30 min of idle time whereas this should expire to protect unauthorized access to the emails and other sites of google.

Did this work before? N/A 

Chrome version: 60.0.3112.90  Channel: n/a
OS Version: 6.3
Flash Version: Shockwave Flash 26.0 r0

Comment 1 by elawrence@chromium.org, Aug 17 2017

Components: Blink>Forms>Password
Status: WontFix (was: Unconfirmed)
No, typing passwords is not any more secure than pasting them from a password manager.

It's not practical to attempt to protect a browser against a compromised runtime environment; see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model for further discussion.
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 23 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment