Issue metadata
Sign in to add a comment
|
Security: Credit card numbers can be deciphered from Chrome Autofill settings
Reported by
bronsonl...@gmail.com,
Feb 19 2018
|
||||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS This issue outlines the insecurity with ones credit card information in Chrome While in a credit card payment form in Chrome on any website, the autofill option will come up as "• • • • 1234". Only when typing the correct numbers in any proper order, the autofill form will remain. Failure to type correct numbers that exist in the autofill will remove the autofill option, therefore, through process of elimination, one can find credit card numbers, in a short time. By producing these steps, you can find all 4 sets of numbers. Once all 4 sets of numbers are found, there is no need to guess the order of those numbers, Chrome will tell you which is the right order depending on whether or not the autofill form dissapears. VERSION Chrome Version: [64.0.3282.137] + [stable] + (Official Build) (64-bit) Operating System: [Windows 10 Pro 64-bit, Build 16299] REPRODUCTION CASE Please refer to screenshots Created dummy credit card for testing. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: [tab, browser, etc.] Crash State: [see link above: stack trace *with symbols*, registers, exception record] Client ID (if relevant): [see link above]
,
Feb 19 2018
Thanks for the report. We don't consider this to be a security vulnerability (see bug 704712 and https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for why)
,
May 29 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by bronsonl...@gmail.com
, Feb 19 201893.6 KB
93.6 KB View Download