New issue
Advanced search Search tips

Issue 875575 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 19
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security:

Reported by b984...@gmail.com, Aug 18

Issue description

Chrome Version: 68.0.3440.106 
Operating System: ubuntu 16.04 LTS

VULNERABILITY DETAILS

I bought a used laptop, logged it into my account Google Chrome, after formatted the hard drive and put it on ubuntu 16.04 lts, ​​again went into my account Google Chrome,
in chrome: // settings / passwords appeared other people's logins and passwords (probably the former owner of the laptop).
below will attach the video, as I go into other people's accounts on the laptop, as well as on the android!
Also the login and password of the online bank click.alfabank.ru, if you copy the sim card of the owner (the number can be taken in social networks), anyone will go to the online bank and can use it as their own!
Also easily went to someone else's mail account.mail.ru and avito.ru where there is a lot of personal and billing data!

Conclusion: you can buy any used PC or smartphone, enter the most popular Google Chrome browser, where the default passwords and logins are retained, even after logging out of the account. A normal user just logs out of accounts, without deleting anything. Log in to other people's accounts and abuse their data!

REPRODUCTION CASE

 
video_2018-08-18.mp4
19.3 MB Download
This problem can occur in any new or inexperienced user.
Status: WontFix (was: Unconfirmed)
Thanks for the report, this is however working as intended. When you sign out of Chrome, data stops syncing, but existing data is not deleted. In order to delete all data you have to follow the instructions in https://support.google.com/chrome/answer/2392709.
Ok, users themselves are to blame for divulging their data.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 26

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment