Issue metadata
Sign in to add a comment
|
Security: Egress Chrome sensitive data (e.g. passwords) from an unlocked PC
Reported by
liorma...@gmail.com,
Dec 7 2017
|
||||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS Getting all the google accounts detail from the computer and sync it to another account without any password Steal local and remote google chrome settings, including sensitive data (e.g. passwords), without being prompted for authentication. VERSION Chrome Version: 62.0.3202.94 + [stable, beta, or dev] Operating System: [windows , 10, and service pack level] REPRODUCTION CASE 1. Use a machine that hasn’t been locked by user (i.e. forgot to lock) 1. browse to chrome://settings/people 2. Sign OUT if you are logged in 3. click Manage other people 4. Add Person 5. click save 6. click Sign in 7. click More option 8. click create new account 9. fill user name and family name 10. fill birthday 11. fill new Gmail user & password 12. click I Agree 13. Then in prompt click “I am the user sync passwords history bookmarks” 14. All sensitive chrome data is now synced with a malicious account 15. Use this account on another machine that you have full access to 16. On that machine, you can now use the sensitive data (e.g. credentials) to login to applications and even see the actual passwords (using your windows password account)
,
Dec 7 2017
Yes, given unrestricted access to a user's account, you can steal data from it. This isn't a vulnerability in Chrome and isn't unique to browsers. This natural vulnerability is why PCs offer the ability to screen lock. https://chromium.googlesource.com/chromium/src/+/lkcr/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model ( Issue 766092 notes the fact that logging out of Chrome won't delete local data unless you want it to. That's not really a precondition for your scenario).
,
Dec 11 2017
Issue 793893 has been merged into this issue.
,
Dec 11 2017
you don't need to sing out even when.you sign out and just save the passwords it if you.login it will take all your bookmarks history and passwords that you saved.
,
Mar 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 28 2018
Issue 826594 has been merged into this issue.
,
Jun 5 2018
Issue 849410 has been merged into this issue. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by liorma...@gmail.com
, Dec 7 2017214 KB
214 KB View Download