
Issue 800682


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug

Blocking:
issue 714618


Deleted passwords can be restored via CTRL+Z even if you close the chrome://settings/passwords tab

Reported by lauri....@vikk.ee, Jan 10 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
1. Save a password on any site
2. Delete the password afterwards from settings
3. Close chrome or settings tab
4. Open the settings tab again where you can manage passwords
5. Press CTRL+Z and you can get the deleted password back

What is the expected behavior?
It should not undo the deleted password

What went wrong?
It undid the deleted password even if you closed Chrome, which I believe is a security issue.

Did this work before? N/A 

Chrome version: 63.0.3239.132  Channel: stable
OS Version: 10.0
Flash Version:
 
Components: UI>Browser>Passwords

Supporting undo at all seems a bit odd. Supporting undo after the page closes seems wrong. Supporting undo after the browser restarts seems impossible.

Components: Privacy
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: Untriaged (was: Unconfirmed)
Summary: Deleted passwords can be restored via CTRL+Z even if you close the chrome://settings/passwords tab (was: After deleting saved passwords you can ctrl+z and get them back even if you close the tab or chrome itself)

I'm able to reproduce CTRL+Z undoing the delete after the chrome://settings/passwords tab is closed and then reopened. However, after all windows in the browser are closed and the browser is restarted, CTRL+Z no longer restores the deleted password.

From a security POV, this is outside of the threat model (https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model) but this is something that we should consider cleaning up (e.g. disable undo after 1 minute or the tab closes) for privacy reasons.
Status: Available (was: Untriaged)

Given how easy it is to shoot oneself in the foot with deleting passwords, I agree that we should support Ctrl+Z for a short time and before closing the tab, but not beyond that.

Comment 4 by battre@chromium.org, Jan 11 2018

Cc: jdoerrie@chromium.org
Making undo possible via CTRL+Z was a deliberate choice to improve accessibility, as the clickable undo toast disappears after a few seconds. The underlying undo manager has its lifetime tied to a profile instance, so closing all tabs associated with a given profile will make it impossible to restore passwords via CTRL+Z.

However, I do agree that this is likely too robust and we should maybe add a timeout and listen for events firing when the settings tab closes.
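The mitigation sketched in Comment 4 (a retention timeout, plus clearing the undo history when the owning settings tab closes, rather than tying it to the profile) as an added illustration in C++. This is not Chromium's UndoManager or any code from this thread; the class, method names, the 60-second window and the sample credentials are all assumptions for the example.

```cpp
#include <algorithm>
#include <chrono>
#include <cstddef>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Added illustration, not Chromium code: a password undo buffer whose lifetime
// is bounded by a retention window and by the settings tab that owns it,
// instead of by the profile. All names here are assumptions for the example.
struct DeletedCredential {
  std::string origin;
  std::string username;
  std::string password;  // held in memory only while undo is still possible
};

class ScopedPasswordUndoBuffer {
 public:
  using Clock = std::chrono::steady_clock;

  explicit ScopedPasswordUndoBuffer(std::chrono::seconds retention)
      : retention_(retention) {}

  // Record a deletion; it stays undoable for at most `retention_`.
  void RecordDeletion(DeletedCredential cred, Clock::time_point now) {
    entries_.push_back(Entry{std::move(cred), now});
  }

  // Undo the most recent deletion if it is still inside the retention window.
  // Older entries have already been dropped, so a late Ctrl+Z cannot bring
  // back a credential the user removed well before.
  std::optional<DeletedCredential> Undo(Clock::time_point now) {
    Expire(now);
    if (entries_.empty()) return std::nullopt;
    DeletedCredential cred = std::move(entries_.back().cred);
    entries_.pop_back();
    return cred;
  }

  // The settings tab that owned this history closed: forget everything,
  // so reopening the tab starts with an empty undo stack.
  void OnOwningTabClosed() { entries_.clear(); }

  // Number of deletions still undoable at `now`.
  std::size_t PendingCount(Clock::time_point now) {
    Expire(now);
    return entries_.size();
  }

 private:
  struct Entry {
    DeletedCredential cred;
    Clock::time_point deleted_at;
  };

  // Drop every entry whose age exceeds the retention window.
  void Expire(Clock::time_point now) {
    entries_.erase(
        std::remove_if(entries_.begin(), entries_.end(),
                       [&](const Entry& e) { return now - e.deleted_at > retention_; }),
        entries_.end());
  }

  std::chrono::seconds retention_;
  std::vector<Entry> entries_;
};

// Outcome of the three cases the thread discusses: undo shortly after the
// delete, undo after the timeout, and undo after the owning tab closed.
struct ScenarioOutcome {
  bool within_window;
  bool after_window;
  bool after_tab_close;
};

// Runs the scenario against a fixed clock origin so the result is deterministic.
ScenarioOutcome RunScenario() {
  using namespace std::chrono;
  ScopedPasswordUndoBuffer buffer(seconds(60));
  const auto t0 = ScopedPasswordUndoBuffer::Clock::time_point{};
  ScenarioOutcome out{};

  // Constructed sample credentials, not real data.
  buffer.RecordDeletion({"https://example.test", "alice", "constructed-pw"}, t0);
  out.within_window = buffer.Undo(t0 + seconds(30)).has_value();   // true

  buffer.RecordDeletion({"https://example.test", "bob", "constructed-pw"}, t0);
  out.after_window = buffer.Undo(t0 + seconds(61)).has_value();    // false

  buffer.RecordDeletion({"https://example.test", "carol", "constructed-pw"}, t0);
  buffer.OnOwningTabClosed();
  out.after_tab_close = buffer.Undo(t0).has_value();               // false
  return out;
}

int main() {
  const ScenarioOutcome o = RunScenario();
  return (o.within_window && !o.after_window && !o.after_tab_close) ? 0 : 1;
}
```

Time is passed in explicitly rather than read from the system clock so the expiry logic can be unit-tested; in a real browser the same buffer would be driven by the tab's lifecycle events and a monotonic clock.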

Comment 6 by kolos@chromium.org, Jan 26 2018

Blocking: 714618
