Security: Chrome data sync'ed with another person unexpectedly
Reported by
julioher...@gmail.com,
Jan 13 2018
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: [63.0.3239.84] + [(Official Build) (32-bit)]
Operating System: [Windows 10 OS, without service Pack]

REPRODUCTION CASE
I started a session in the Google Chrome browser with my Google account. There I configured my browser to store the credentials for the forms of the websites that I use daily, among them credentials for my email accounts, some portals (for example Azure) and, what worries me most, bank credentials. I configured it that way because of the number of portals that I use daily, and as busy as I am, I find it easier to delegate that to my browser because of the portability it offers across the different locations and computers where you use the browser.

I also have some installed extensions that offer me productivity in my activities. It happens that, in one particular case with a friend (jlmu10@gmail.com), to remember a topic of discussion, I am asked to demonstrate the topic which we were talking about, starting the session in the browser to locate the information referred to through a "bookmark" registered in his Chrome session. I closed the session, and immediately the friend in question started his session in the browser. The browser "literally" merged all the history, credentials and bookmarks, including the extensions, into my friend's account. I had access to all my history, bank credentials, forms and everything my account had. Even on all the equipment present in different geographical locations, the access to the data was complete. The concern of the friend was of such magnitude that he called me to inform me about the case. The most worrying thing is that, to be able to withdraw my data from his account, he had to clean the complete history with the option "from the beginning of time". This security bug happened on 01/06/2018.

Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]
Jan 15 2018

Jan 16 2018
Thanks for the report. I'm really not able to follow the repro case here. It does sound like you must have logged into Chrome and enabled Sync on your friend's device, in which case this is working as intended. If you can provide a more detailed description of how to reproduce this, please open another bug and follow up there. As is, there's no action to take here.

Apr 25 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by elawrence@chromium.org, Jan 13 2018