Security: Misconfiguration in Cookie Handling in Google Chrome Android Browser
Reported by
012345ar...@gmail.com,
Jul 11
Issue description

Summary:
========
Every website which contains check boxes on the login page - i.e. 'Remember Me' or 'Keep Me Signed In' etc. - if the user unchecks these boxes during login, then the browser should terminate the current session on the client side when closing the browser. However, this is not the case with Chrome Android Browser; it does not terminate the session on the client side when closing the browser, regardless that the 'Remember Me' box was unchecked while logging in.

My Environment While Testing This:
==================================
Chrome Version: 67.0.3396.87
OS: Android 7.1.1; Moto G (5S) Plus Build/NPSS26.116-61-11

Reproduction Steps:
===================
1. Open Chrome Android Browser and go to any website which contains the check box 'Remember Me' or 'Keep Me Signed In', for example: bugzilla.mozilla.org.
2. Uncheck the 'Remember Me' box > Login > Close browser.
3. Open the browser again and go to the same website bugzilla.mozilla.org; you will be logged in again.

Proof of Concept:
=================
Video Link: https://vimeo.com/279570511
Password: mahakaLhuiKhgaaizqwW@2111
Jul 12
Hi, I believe you missed something here, because this is not only the case with bugzilla.mozilla.org, including www.messenger.com etc.; on every website the behavior is the same, and it is only the case with Android Chrome. However, other browsers work perfectly. I also reached out to the Messenger Security Team regarding the same, and they also said that it's the browser side vulnerability. Please investigate this issue again; I am definitely sure that it's not an intended behavior. Regards.
Oct 19
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by est...@chromium.org, Jul 12
Status: WontFix (was: Unconfirmed)
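
For site operators reading this thread: an unchecked 'Remember Me' box usually means the login cookie is sent without `Max-Age` or `Expires`, and when that "session" ends is decided by the browser, so the server cannot rely on the cookie disappearing when the app is closed. The sketch below is an added example, not code from this issue or from Chromium; the `SessionStore` class, the `sid` cookie name and both time limits are assumptions chosen for illustration. It enforces the lifetime server-side.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_LIMIT = 15 * 60               # assumed idle timeout, 'Remember Me' unchecked
REMEMBER_LIMIT = 14 * 24 * 3600    # assumed lifetime, 'Remember Me' checked


class SessionStore:
    """Server-side session table; expiry never depends on the browser."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user", "remember", "last_seen"}

    def login(self, user, remember_me, now):
        # `now` is passed in (seconds) so the expiry logic can be tested.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "remember": remember_me,
                               "last_seen": now}
        cookie = SimpleCookie()
        cookie["sid"] = sid
        cookie["sid"]["httponly"] = True
        cookie["sid"]["secure"] = True
        cookie["sid"]["samesite"] = "Lax"
        cookie["sid"]["path"] = "/"
        if remember_me:
            # Persistent cookie: the browser keeps it until Max-Age elapses.
            cookie["sid"]["max-age"] = REMEMBER_LIMIT
        # Otherwise no Max-Age/Expires is set: a session cookie, which the
        # browser may still present after a restart, hence validate() below.
        return sid, cookie["sid"].OutputString()

    def validate(self, sid, now):
        """Return the user name, or None if the session is unknown or expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        limit = REMEMBER_LIMIT if session["remember"] else IDLE_LIMIT
        if now - session["last_seen"] > limit:
            del self._sessions[sid]      # expired: revoke on the server
            return None
        if not session["remember"]:
            session["last_seen"] = now   # sliding idle window for short sessions
        return session["user"]
```

With this in place, a session cookie that survives a browser restart is only honoured while the idle window is still open; the remembered session has a fixed lifetime counted from login.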