New issue
Advanced search Search tips

Issue 759759 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security:saved password thift from browser without windows account password

Reported by gaurdhar...@gmail.com, Aug 28 2017

Issue description

hELLO google security team,
I found  bug in you Chrome browser
Bug type: saved password thift from browser without windows account password

Step to reproduce:
sign in gooogle account saved password in browser

enter email
password is already saved
right click on password & click on INSPECT
Then show html code 
find "TYPE=PASSWORD" And replace PASSWORD with TEXT/NAME
you can see saved passeord without (windows user account)login password


VERSION
Chrome Version:60.0.3112.113 (Official Build) (64-bit) (cohort: Stable)
Operating System: Windows 8.1 architectures 64

Thank you
Best Regards
RAM KANHA
I will appreciate if you are having some policy like offering swags to the independent security researchers.
As it keeps morale of the Security tester highly motivated.

Note: I attach screenshots with this report
 
 
pic2.jpg
125 KB View Download
pic3.jpg
230 KB View Download
pic4.jpg
216 KB View Download
pic5.jpg
231 KB View Download

Comment 1 by ta...@google.com, Aug 28 2017

Status: WontFix (was: Unconfirmed)
This is outside our threat model because it's a physically local attack.

https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 5 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment