New issue
Advanced search Search tips

Issue 811203 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Whenever I turn on vpn zenmate and then go to a logged in account like gmail,linkedin that is without entering passwords just clicking gmail icon.That gmail password gets stolen and an sign-in attempt is made.

Reported by kapils...@gmail.com, Feb 12 2018

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.


Security: Whenever I turn on vpn zenmate and then go to a logged in account like gmail,linkedin that is without entering passwords just clicking gmail icon.That gmail password gets stolen and an sign-in attempt is made.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: Version 63.0.3239.132 (Official Build) (64-bit)
Operating System: windows 10 64 bit

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: password leakage
Crash State: google account attempted sign-in
Client ID (if relevant): [see link above]

As everyone individually uses gmail I expect more grants,as users don't want their passwords to be leaked and be robbed of their personal information.
And also I have sent an email on groundbreaking information about bigdata to the Google's CEO via kapilsane@gmail.com,if you please look into that email ,It'd be great full.I'd admire it.


On feb 7 account sign-in was done while using vpn zenmate.
 
security.png
63.6 KB View Download
Labels: Needs-Feedback
GMail and most other sites use HTTPS for point-to-point encryption, and passwords cannot be "stolen" unless you're either attempting to log in over HTTP or you've installed a malicious certificate (perhaps as a part of the VPN install).

Please provide links to your "Zenmate" product and attach a network log of your entire scenario: https://dev.chromium.org/for-testers/providing-network-details (start logging, attempt repro, stop logging, attach file to this issue).

Comment 2 by och...@chromium.org, Feb 13 2018

Status: WontFix (was: Unconfirmed)
No response from reporter, and nothing seems actionable here. Closing as WontFix for now.

Comment 3 by kapils...@gmail.com, Feb 23 2018

chrome-net-export-log.json
10.2 MB View Download
Project Member

Comment 4 by sheriffbot@chromium.org, May 23 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment