This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
I work for a big multinational and we recently were migrated to provider to handle our stock portfolio. by coincidence I just come around with a potential security issue, which enables anyone to obtain a password quickly given the case one can access someone else system just for a few moments. This vulnerability is particular relevant to enterprise customers where users usually leave their systems unattended and without attention for long periods of time.
There are no needs for high hacking skills or installation of any 3rd party apps.
With the full consent of two of colleagues, I verified one can indeed obtain their passwords easily from chrome. I believe other explorers have the same issue.
I would like someone to contact me so I can provide more details.

VERSION
Chrome Version: [Version 67.0.3396.99 (Official Build) (32-bit)]
Operating System: [Windows10 Version1709 Build 16299.492]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers,
exception record]
Client ID (if relevant): [see link above]