Issue 861576

Issue metadata

Status: Duplicate
Merged: issue 126398
Owner: ----
Closed: Jul 9
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Password are not secure at Chrome

Reported by harinand...@outlook.com, Jul 8

Issue description

Google Chrome has the Inspect Element Tool, which gives the user a developer interface. This tool can be used to convert the asterisks of the password into the text format, which is readable. So to prevent this, the password box should be encrypted/locked from editing the HTML.
There is also another loophole in Inspect Element, as users can add some 'custom made' scripts which are said to make the browser fast or enhance the user experience. Many scripts are available on the internet which are not safe at all.
Many browsers allow users to customize the scripts/add a custom script with the Inspect Element HTML Tool. But Google Chrome should encrypt/lock the webpages from HTML editing, as it's from one of the tech giants, Google, and is also the most reputed browser. Action on this problem can contribute to making Google Chrome the secure browser.

About Me: Harinandanan BS, Indian, 12th Grade student who aims to create a cyber secure world and would like to be an ethical hacker to prevent security threats.
 
Status: WontFix (was: Unconfirmed)
Thank you for your interest in Chrome, and it is good to hear you are interested in pursuing information security.

Unfortunately the issues that you are reporting don't align with security boundaries that we are able to protect, and therefore we can't consider them vulnerabilities.

Our FAQ explains why manual password unmasking is not treated as a security problem: https://chromium.googlesource.com/chromium/src/+/lkgr/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools

The asterisks are there just to prevent other people who can view your screen from reading your password as you enter it. If a person has access to your logged-in user account on your computer, then they have access to a great deal of your data and there isn't a lot Chrome can do to protect itself.

This is also discussed in more depth in the FAQ: https://chromium.googlesource.com/chromium/src/+/lkgr/docs/security/faq.md#why-arent-physically_local-attacks-in-chromes-threat-model
Mergedinto: 126398
Status: Duplicate (was: WontFix)
Project Member

Comment 3 by sheriffbot@chromium.org, Oct 15

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot