New issue
Advanced search Search tips

Issue 862586 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Jul 12
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security



Sign in to add a comment

Chrome seems to be accessing medical data

Reported by naco...@gmail.com, Jul 11 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Steps to reproduce the problem:
1. Access a patient portal in Chrome
2. Wait for customized ads to pop up based on conditions in your medical file
3. 

What is the expected behavior?
Nope.  Maybe it's on their end, but that data should never be accessed by Chrome to help with searches.  (Even if it's not loaded in a incognito window)

What went wrong?
Basic privacy protection standards.

Did this work before? N/A 

Chrome version: 67.0.3396.99  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: 

Wow.  If this is happening it might be the most invasive thing I've ever seen.

Comment 1 by est...@chromium.org, Jul 11

Labels: Needs-Feedback
We'll need some more information to be able to investigate. Can you describe the behavior you're seeing in more detail? Please provide detailed reproduction steps and/or screenshots of what you're seeing, if possible.

Comment 2 by kenrb@chromium.org, Jul 11 

I think this bug is saying that Chrome appears to be taking information from sites that you have accessed and providing it to ad networks for the purpose of targeting. Please correct me if I have misunderstood the report.

That would be violation of the Chrome's security model, which is largely concerned with preventing information on one website from leaking to other sites, and is something that we take very seriously.

Depending on how and where you are seeing the ads, there are a number of ways that such information could be available for ad networks for targeting. For instance, if you visited sites providing information on a given condition, and that site embedded tracking pixels. This is possible due to the design of the web, and is not a flaw in your browser.

Comment 3 by est...@chromium.org, Jul 12

Status: WontFix (was: Unconfirmed)
Closing due to lack of feedback. As #2 explains, this doesn't sound like a bug in the Chrome browser, but please feel free to provide more information if we're missing something. Thanks!

Comment 4 by naco...@gmail.com, Jul 13 

Sorry I wasn't able to get back.  What kenrb is saying is basically what I was reporting.  I'm not sure how to further troubleshoot the issue.  I used chrome to open my patient portal with my doctor's office.  I clicked around and looked at my reports (blood work, weight and such) and then, after logging out I started to see ads that were related to items in my report.

I don't really have a way to check to see if it's Baader-Meinhof Phenomenon, if it's extrapolating from other searches I've done (assuming I'm fat because I looked at a food video so it's sending me ads for bariatrics on sites) or if it's actually from a data leak.  The only thing I can add is that most of the ads I've seen have popped up on Youtube.  I submitted it as a chrome concern though because the records I was looking at were accessed on chrome.  The ads popping up seems to be occasional, so I can't reproduce it on demand.
Project Member

Comment 5 by sheriffbot@chromium.org, Oct 19

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment