New issue
Advanced search Search tips

Issue 780549 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Nov 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Chrome

Reported by i...@swimd.com, Nov 1 2017 


VULNERABILITY DETAILS
You use chrome to store your passwords, because chrome doesn't just show all your passwords when you go to view logins like firefox does. So it is more secure. Until you open firefox and "import" chrome passwords and make them all visible. Maybe there should be some encryption here so that cannot happen?

VERSION
Chrome Version: Version 61.0.3163.100
Operating System: Windows 7 sp2

Comment 1 by dominickn@chromium.org, Nov 8 2017

Status: WontFix (was: Unconfirmed)
This is working as expected. Passwords are encrypted on disk, but the key is a artefact of the current Windows login, and so when you run another browser in the same login, it also has access to the same key and can thus unencrypt the passwords.

Protection beyond this is outside of what we can do - see https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
Project Member

Comment 2 by sheriffbot@chromium.org, Feb 14 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment