New issue
Advanced search Search tips

Issue 867272 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 867271
Owner: ----
Closed: Jul 25
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug-Security



Sign in to add a comment

Security: Able to sync other clients passwords and website sign-in credentials from syncing with another person's property.

Reported by spsinw...@gmail.com, Jul 25

Issue description

Steps to reproduce the problem:

 CASE
 On a number of times I have been able to obtain other clients password history and website identity and sign on information. I have it saved in my account and it has multiple unknown persons sign on information of passwords and account name or numbers. Has been able to obtain many people's passwords and sign on information from their accounts from Google through syncing it with my account. I also have been able to get a few accounts pictures from Google photos as well. I have been able to get full control of bank information and  much more personal information from all apps that had saved information. I am able to send the security leak and the way I have been able to get the security information. I also am wondering if it would be possible to get rewarded for the security information and how it's done.

What is the expected behavior?
Expected behavior is not being able to obtain or use someone else's sign-in information and passwords successfully. Also have been able to save most of the security information and sync up with my account.

What went wrong?
I have been able to obtain and save random but highly private information and passwords for secure sign-ins. All information that is saved on your saved passwords is able to be stolen and saved to be used by anyone.

Did this work before? N/A 

Chrome version: 67.0.3396.87  Channel: stable
OS Version: 7.1.1
Flash Version: 7.1.1.08.92.P2.171030.3632A-MPCS

I can definitely demonstrate how to be able to obtain the security information and passwords. Would like to know if finding out said security leak is able to be rewarded for the information.
 
Mergedinto: 867271
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 2

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment