1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker append the password value with one character. The fallback for saving become available.
4) The attacker reveals the password in the prompt.
1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker append the username value. The fallback for saving becomes available.
4) The attacker reveals the password in the prompt.
1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker append the username value. The fallback for saving becomes available.
4) The attacker reveals the password in the prompt.
1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker append the username value. The fallback for saving becomes available.
4) The attacker reveals the password in the prompt.
1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker append the username value. The fallback for saving becomes available.
4) The attacker reveals the password in the prompt.
1) An attacker may visit a site
2) The password will be autofilled.
3) The attacker changes the username value. The fallback for saving becomes available.
4) The attacker reveals the autofilled password in the prompt.
Comment 1 by kolos@chromium.org
, Sep 27 2017