Security: Chrome keeps saving passwords even for website that is listed as "Never Saved"
Reported by
jpu2...@gmail.com,
Jul 26
|
|||
Issue descriptionVULNERABILITY DETAILS Please provide a brief explanation of the security issue: By allowing Google Chrome to save the username and password of a particular website, it looks like even after you've changed the settings and tell Chrome that you no longer want it to remember that website's login credentials by removing it from remembered passwords and adding it to "Never Saved" (via chrome://settings/passwords), Chrome will still populate the username/password fields of the said website. The most alarming part of this issue is that Chrome doesn't even ask to remember your credentials anymore, but somehow it still remembers and populates them at the login screen. I tried it on multiple attempts, but Chrome is still remembering and populating my login credentials. I was using Facebook.com VERSION Chrome Version: [Version 68.0.3440.75] Operating System: [Windows 7 64-bit, Professional, Service Pack 1] REPRODUCTION CASE: The issue can be reproduced by allowing Chrome to save your username and password of a particular website then later change to "Never Saved" via Chrome: chrome://settings/passwords. Then by visiting that website, Chrome still populates the username and password fields of the said website.
,
Jul 26
Assigning to nepper@ for triaging.
,
Jan 11
Setting defect without priority to Pri-2. |
|||
►
Sign in to add a comment |
|||
Comment 1 by mbarbe...@chromium.org
, Jul 26Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug