Issue metadata
Security: Decrypt chrome cookies
Reported by
farbermi...@gmail.com,
Oct 1 2017
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS

Please provide a brief explanation of the security issue.

Using Python, it is possible to find where the cookies are stored, load them, and decrypt them. I think you should change the encryption standard every few versions. This problem was probably there for over a year, since the project is from a year ago and still works. If a hacker wanted to log in to my account, they would only need to send themselves the cookies file via SMTP and search through the cookies with this code. With the cookies, the hacker will then have full access to my account (excluding changing the password).

DISCLAIMER: I did not make or contribute to this code.

VERSION

Chrome Version: 61.0.3163.100 + stable
Operating System: Windows 10 Pro N version 1703 build 15063.632

REPRODUCTION CASE

https://gist.github.com/DakuTree/428e5b737306937628f2944fbfdc4ffc (not mine)

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION

Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]
Comment 1 by elawrence@chromium.org, Oct 1 2017
Status: WontFix (was: Unconfirmed)

Just to be clear here, the attacker has to run this program on *your* computer; they cannot just "send themselves the cookies file via SMTP" and decrypt on their side. The CryptUnprotectData() function you see in this source decrypts data using the secret key of the current Windows login user, meaning that the attacker must run this code on the compromised victim's PC. It wouldn't help to "change the encryption standard every few versions," as an attacker who has compromised your PC could simply run the latest decryption routine on the compromised PC.