Password-Auto Fill Privacy Issue
Reported by
svw...@gmail.com,
Nov 29 2017
|
||
Issue descriptionVERSION: 62.0.3202.94 (Official Build) (64-bit) (cohort: Stable) Operating System: Windows 10 Creator Update REPRODUCTION STEPS The issue is that it is possible to read all in Chrome saved passwords without typing the Windows-Password as it is asked in the settings section where you can see all your saved passwords. You just need to change the code in the form of the website from input type="password" to input type="text" and it will be visible. The websites are also shown without password so that you can easily gather all passwords. It would be really good if there is an option to prohibit this by keeping the text unreadable or asking for a password first because it makes the complete other password security steps abundant. Thanks for your attention and I hope that this bug can be fixed in the future :)
,
Nov 30 2017
Unfortunately, this cannot be fixed: https://dev.chromium.org/Home/chromium-security/security-faq#TOC-What-about-unmasking-of-passwords-with-the-developer-tools- The idea of introducing a master password before passwords are filled is currently considered elsewhere. |
||
►
Sign in to add a comment |
||
Comment 1 by manoranj...@chromium.org
, Nov 29 2017Labels: -Pri-3 Needs-Triage-M62 OS-Windows Pri-2 Type-Bug