New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 849410 link

Starred by 1 user
Status: Duplicate
Merged: issue 792878
Owner: ----
Closed: Jun 2018
Cc:
mastiz@chromium.org
tschumann@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Logging into Chrome on someone else's device downloads their saved passwords

Reported by jaska...@gmail.com, Jun 4 2018 
By logging into Chrome on a family member's computer I was able to gain access to all of the user names and passwords for websites they had stored in their password manager.  These passwords now showed up in my password manager.  This was duplicated at work as well even though I had only logged into Chrome for a short time on a family member's machine and had logged out of Chrome at work (in both cases the user names and passwords for the websites we're not saved under my profile).

Comment 1 by mea...@chromium.org, Jun 5 2018

Components: Services>Sync
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Restrict-View-Google Type-Bug
Thanks for the report, however this is discovering the same scenario as  bug 792878 .

I'll keep the bug open for Sync folks to confirm and close if necessary.

Comment 2 by mea...@chromium.org, Jun 5 2018 

^ (discovering -> describing)

Comment 3 by treib@chromium.org, Jun 5 2018

Components: UI>Browser>Passwords
Labels: -Restrict-View-Google
Mergedinto: 792878
Status: Duplicate (was: Unconfirmed)
Yes, this is indeed basically the same as  bug 792878 .
Note that by giving you access to their (unlocked) device, they are giving you access to all their passwords. You can also look at them at chrome://settings/passwords.

I do agree that the UI could be clearer to make it less likely that this happens accidentally.

Sign in to add a comment