Security: Autocomplete data can be stolen by malicious webpage
Reported by chromium...@gmail.com, Feb 6 2018
Issue description

VERSION
Chrome Version: 66.0.3340.0 (Official Build) canary (64-bit)
Operating System: Mac

REPRODUCTION CASE
I think I'm still able to repro this bug 753645,
1. load http://dev.jigawatt.co.uk/dev/autocomplete/steal.html
2. hold down the 'down' arrow key
3. email addresses should be shown on the page
Feb 7 2018
I cannot repro on M66. I am testing on Canary on Mac. You are not pressing enter, correct? Because then it would be normal that the site can access the values. Let me know if you have taken special steps, because simply clicking in the field and pressing the down arrow does not make the site show the email address for me. Thanks!
Feb 7 2018
Oops sorry! I was testing this on an old version. Unable to repro this on M64 stable and M66 canary. You can now mark this bug as "Wontfix" - Thanks!
May 20 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by infe...@chromium.org, Feb 6 2018
Labels: ReleaseBlock-Stable M-65 Security_Severity-Medium Security_Impact-Stable Pri-1
Owner: se...@chromium.org
Status: Assigned (was: Unconfirmed)