This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Upon completing a "Powerwash" of a Pixelbook, I found the wireless keys were still stored on the Pixelbook. This could lead an attacker to connect to a wireless network even if the user is not authorized on the network. Additionally, the warnings on the "Powerwash" insinuate all configurations are reset to factory settings. 

This may be "By design", but it does contradict the concept of a "factory reset" and does represent a security vulnerability.

VERSION
Chrome Version: 7.1.1
Operating System: Android 7.1.1 (Pixelbook)

REPRODUCTION CASE
1. Connect to a secure (WEP enabled) wireless network.
2. Execute a "Powerwash" on the Pixelbook.
3. Complete the "Powerwash". 
4. Upon re-initialization, select the WEP enabled wireless network.
5. The Pixelbook should connect.