Security: Info Leakage : UserName & Password is remembered by Chrome, even after the user has logged out of Chrome account
Reported by sumanta....@gmail.com, Nov 1 2017
Issue description

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS
When one logs out of Chrome, he is expecting all stored passwords to be removed/inaccessible to another person who is now having access to the computer/laptop.

Real life scenario: I was handing off my office laptop to IT and before handing over, logged off from my Google Accounts as well as my Chrome Account. However, when I tried to login to another site (without logging into Chrome account or Google account), the username and password show up.

VERSION
Chrome Version: 61.0.3163.100
Operating System: Windows 10 Enterprise version 1703
OS Build: 15063.632

REPRODUCTION CASE
Recreation steps:
1. Log in to Chrome
2. Go to a site (let's say site1.com) and click on remember me. This has the username & Pwd remembered by the Chrome browser
3. Log out of Chrome account
4. Try logging into "Site1.com" and Chrome will show the username and autofill the password

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]

Nov 8 2017
This is working as intended, and duplicate of Issue 766092. When you sign out of Chrome, you are presented with the option to delete stored data. To protect data stored in your operating system's user account, you must log out of the operating system. (Such protection is, of course, subject to the limitation that Administrative users are typically able to recover data from the user accounts they manage).

Feb 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by awhalley@chromium.org, Nov 8 2017
Owner: vasi...@chromium.org