Issue metadata
Sign in to add a comment
|
Security: Log credentials from inputs (chrome-devtools or plugin like tampermonkey) or save in storage
Reported by
radek.ro...@gmail.com,
Feb 27 2018
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS User can log password and login details from DOM inputs or save them through local storage. VERSION Chrome Version: 64.0.3282.167 + stable [any] Operating System: macOS High Sierra 10.13.3 [any] REPRODUCTION CASE There are two ways: A) Using Chrome-devtools: 1. e.g. go to `https://www.facebook.com/` 2. Open chrome-devtools 3. Write in console e.g. ``` document.querySelectorAll('input[type="submit"]')[0].addEventListener('click', function() { localStorage.setItem(document.querySelectorAll('input[type="email"]')[0].value + '_password', document.querySelectorAll('input[type="password"]')[0].value); }) ``` 4. Close chrome-devtools 5. This will save password and email on submit. As an alternative you can console that value. expected result: Block code when chrome-devtools is off. User B) Using e.g. Tampermonkey - more universal 1. Install tampermonkey with script from attachment. 2. You can remove tampermonkey from Chrome menu. User has no idea that script is running. 3. Credentials are saved for every page. This can be used on computers from public places. There is no information/indicator about additional script that are running in the background. Works with HTTP/HTTPS and incognito mode. Data can be logged, store, send to external server.
,
Jun 5 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Feb 27 2018