This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS:These days I found a very beautifull python script that just prints the google chrome usernames and passwords that are stored on your machine.

In simple terms the script is self explanatory and goes to:


-"%APPDATA%\..\Local\Google\Chrome\User Data\Default\Login Data"
where the passwords and usernames are stored
-decrypt them
-and prints the list of usernames and passwords

Step 1
My Remote Function
Of course I couldn't resist to modify this script and to add a function that takes the list, stores It to a txt file and send It via gmail wherever I want to.

So If anyone on any machine clicks this script(exe) then all his google chrome credentials will be sent to a gmail account.


VERSION
Chrome Version: [unknown] + [stable, beta, or dev]
Operating System:windows 10 [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers,
exception record]
Client ID (if relevant): [see link above]