
Issue 777142

Starred by 4 users

Issue metadata

Status: WontFix
Closed: Oct 2017
Type: Bug-Security


Security: Google Chrome keeps saved password

Reported by khaweron...@gmail.com, Oct 21 2017

Issue description

VULNERABILITY DETAILS
Google Chrome keeps a saved password even after it is removed from the saved passwords if the tab was open before the saved password was removed.

VERSION
Chrome Version: 62.0.3202.62 (Official Build) (64-bit) + [stable]
Operating System: Windows 10 Version 1607 (OS Build 14393.0)

REPRODUCTION CASE
1) Open gmail.com and log in.
2) When you are logged in, Chrome will ask "Do you want Google Chrome to save your password for this site?". Now click 'Save'.
3) Now sign out on gmail.com and close the tab.
4) Now open gmail.com, and when Gmail asks for login, instead of logging in, click the user account, then click 'Remove an account from this browser', then remove the account.
5) Now open gmail.com again.
6) In another tab, open 'chrome://settings/passwords' and remove the saved username and password for the Gmail account.
7) Now go back to the previous gmail.com tab which we opened, enter the username and click 'next'.
8) We have removed the saved password for the Gmail account, but gmail.com still shows you the saved password. (The password which we have removed from Chrome's saved password list is still available in gmail.com.)
 
Components: UI>Browser>Passwords
If you restart the browser after step #7, does this behavior persist?

No, the tabs which were open while I was removing the saved password keep the password until I close the tabs.

Cc: vabr@chromium.org
Status: Untriaged (was: Unconfirmed)
This is probably working as expected.

I can reproduce this with a different credential (Google credentials aren't saved if they're used for browser sync).

1. Open login.live.com in one browser tab. (See username autofill from stored credential.)
2. In a second tab, open chrome://settings/password and delete the stored credential
3. In the first tab, click Next
4. Observe: Password that was deleted in step #2 fills.

This doesn't repro if I navigate to about:blank in the first tab after step #3, so my guess is that what's happening is that the credential list is getting attached to the form at the time of load and it's not purged by the clearing in the second tab.

From a security POV, this isn't terribly interesting.

Comment 4 by vabr@chromium.org, Oct 23 2017

Status: WontFix (was: Untriaged)
Correct, retrieved passwords are kept in the tab until navigation. accounts.google.com, for example, does not navigate between submitting a name and the password, so the deletion from step 6 is not taken into account in step 7.
This is working as intended.
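
The behaviour described in the comments above, as a simplified model added here for illustration (it is not Chromium code, and every class, method, origin and credential in it is a hypothetical or constructed name): a tab snapshots matching credentials when it navigates, so a later deletion from the store is only seen by that tab on its next navigation.

```javascript
// Simplified model of "retrieved passwords are kept in the tab until navigation".
// NOT Chromium code: PasswordStore, Tab and their methods are hypothetical names.
class PasswordStore {
  constructor() { this.byOrigin = new Map(); }
  save(origin, username, password) {
    const list = this.byOrigin.get(origin) || [];
    list.push({ username, password });
    this.byOrigin.set(origin, list);
  }
  remove(origin, username) {
    const kept = (this.byOrigin.get(origin) || []).filter(c => c.username !== username);
    this.byOrigin.set(origin, kept);
  }
  // Returns copies, so each tab holds its own snapshot of the matches.
  lookup(origin) {
    return (this.byOrigin.get(origin) || []).map(c => ({ ...c }));
  }
}

class Tab {
  constructor(store) { this.store = store; this.cached = []; }
  // Navigation is the only point at which this model's tab queries the store.
  navigate(origin) { this.cached = this.store.lookup(origin); }
  // Filling reads the snapshot taken at navigation; the store is not consulted again.
  fillPassword(username) {
    const hit = this.cached.find(c => c.username === username);
    return hit ? hit.password : null;
  }
}

// Replays the four-step reproduction from the thread against the model.
function reproduce() {
  const origin = "https://login.example";           // constructed placeholder origin
  const store = new PasswordStore();
  store.save(origin, "alice", "constructed-secret"); // constructed credential
  const firstTab = new Tab(store);
  firstTab.navigate(origin);                         // 1. page loaded, credential retrieved
  store.remove(origin, "alice");                     // 2. deleted in the settings tab
  const afterDelete = firstTab.fillPassword("alice"); // 3-4. same page, no navigation
  firstTab.navigate(origin);                         // any navigation refreshes the snapshot
  const afterNavigation = firstTab.fillPassword("alice");
  const freshTab = new Tab(store);                   // a tab opened after the deletion
  freshTab.navigate(origin);
  return { afterDelete, afterNavigation, freshTab: freshTab.fillPassword("alice"),
           storeEmpty: store.lookup(origin).length === 0 };
}

console.log(reproduce());
```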

Comment 5 by sheriffbot@chromium.org, Jan 29 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by vabr@chromium.org, Jun 5 2018

Issue 848625 has been merged into this issue.
Cc: -vabr@chromium.org