New issue
Advanced search Search tips

Issue 771371 link

Starred by 3 users
Status: Fixed
Owner:
se...@chromium.org
Closed: Oct 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Chrome Canary displays saved passwords in plain text

Reported by toby07...@gmail.com, Oct 3 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3231.0 Safari/537.36

Steps to reproduce the problem:
1. Go to a website with a previously saved login info
2. The fields will display highlighted pale yellow with info filled in, crucially, the password is shown in plain text
3. Clicking the password field changes it back to "...."

What is the expected behavior?
Instead of "....." the passwords show up in plain text!

What went wrong?
Saved passwords are shown in plain text, allowing anybody overlooking the screen to read it off for any website I visit. This seems to have started today.

Did this work before? Yes Most recent prior to today's as far as I know

Chrome version: 63.0.3231.0  Channel: canary
OS Version: 10.0
Flash Version: 

Urgently should be addressed as it is a serious security problem!

Comment 1 by och...@chromium.org, Oct 3 2017

Components: UI>Browser>Passwords UI>Browser>Autofill
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: (was: Unconfirmed)

Comment 2 by se...@chromium.org, Oct 3 2017 

It's already fixed. I reverted the culprit earlier today. Thanks

Comment 3 by se...@chromium.org, Oct 3 2017 

On my phone but I'll link to the revert when I get to a computer.

Comment 4 Deleted

Comment 5 by se...@chromium.org, Oct 3 2017 

The next Canary cut will have it fixed, so probably tomorrow. This issue does not affect Chrome users, it only affected the top of tree and today's Canary.

Comment 6 by victor...@gmail.com, Oct 4 2017 

Just encountered this right now before updating to Version 63.0.3232.0 (Official Build) canary (64-bit). Can confirm that it's fixed now but I have to admit that I am a bit freaked out about the fact that this slipped into a release.

Comment 7 by toby07...@gmail.com, Oct 4 2017 

Same here! I was freaking out thinking my machine was compromised. This should never happen and passwords should always be encrypted.

Comment 8 by zkoch@chromium.org, Oct 4 2017 

Thanks, Seb, for the fast fix. Note that this is why we have channels like Canary, to quickly catch issues like this and get them fixed. Canary is the wild west for us. :) Thanks for reporting!

Comment 9 by se...@chromium.org, Oct 5 2017

Owner: se...@chromium.org
Status: Fixed

Comment 10 by elawrence@chromium.org, Oct 7 2017 

 Issue 772479  has been merged into this issue.

Sign in to add a comment