Issue 862943 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jul 12
Components:	UI>Browser>Passwords
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	3
Type:	Bug-Security

unauthorized user has the ability view the all saved passwords of the user

Reported by mfa...@gmail.com, Jul 12

Issue description

Chrome Version (from the about:version page):67.0.3396.99 (Official Built) (64 bit)
Is this the most recent version:yes
OS + version:
CPU architecture (32-bit / 64-bit):64-bit
Window manager: N/A
URLs (if relevant):N/A
Behavior in Linux Firefox: Same
Behavior in Windows Chrome (if you have access to it): Secured

Please refer to the report attached for further information.

Chrome Disclosure.pdf
857 KB Download

Comment 1 by dtapu...@chromium.org, Jul 12

Labels: -Type-Bug Type-Bug-Security

Comment 2 by est...@chromium.org, Jul 12

Components: UI>Browser>Passwords
Status: WontFix (was: Unconfirmed)

Thanks for the report. Chrome does not attempt to prevent local attackers from viewing saved passwords. Even if the Manage Passwords page prompted for a password like it does on some OSes, there are other ways that a user could gain access to the saved passwords. Please see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model for more information.

►

Issue 862943 link

Issue metadata

unauthorized user has the ability view the all saved passwords of the user

Issue description

Comment 1 by dtapu...@chromium.org, Jul 12

Comment 1 Deleted

Comment 2 by est...@chromium.org, Jul 12

Comment 2 Deleted

Sign in to add a comment