UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Platform: ASUS Chromebook Flip C302CA

Steps to reproduce the problem:
1. Log into friend's Chromebook with my own Google Apps account
2. Gain access!
3. Profit?

What is the expected behavior?
Logging into a stranger's computer shouldn't work, should it?

What went wrong?
I was surprised that after logging into a friend's chromebook with my personal GA account - mhoye@bespokeio.com - that I had full regular user access, including permission to factory-wipe the machine. 

The owner of the device didn't get a notification that someone else had accessed their device, or wiped it, though I did get a login notification.

Did this work before? N/A 

Chrome version: ChromeOS  Channel: n/a
OS Version: 10.0
Flash Version: 

My apologies if this is by design. It just seemed really weird.