Issue 884523 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Sep 16
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security

Security:

Reported by omayrzan...@gmail.com, Sep 16

Issue description

VULNERABILITY DETAILS
I really don't know if this is really a Browser Security issue, but I think is a vulnerability for sure. I was able to bypass the password storage on the browser and send the password via Slack. The chrome browser inputs the passwords on the fields, and I could extract it via console. 

VERSION
Chrome Version: 69.0.3497.92 (Official Build) (64-bit)
Operating System: [Windows 10 Full patched]

REPRODUCTION CASE
I recorded my screen while my Arduino Rubber Ducky ran the exploit on the browser, I made the shortest video possible.

Thanks in advance,

Omayr

	2018-09-16_04-15-54.mp4 2.7 MB View Download

	Screenshot_20180916-041628~01.png 138 KB View Download

	Screenshot_1.jpg 217 KB View Download

Comment 1 by rsesek@chromium.org, Sep 16

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

This is not a security vulnerability. Our FAQ covers this case: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools

►

Issue 884523 link

Issue metadata

Security:

Issue description

Comment 1 by rsesek@chromium.org, Sep 16

Comment 1 Deleted

Sign in to add a comment