New issue
Advanced search Search tips

Issue 885062 link

Starred by 3 users
Status: Unconfirmed
Owner: ----
Cc:
rhalavati@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Security: Chrome 69 Browsing Bug

Reported by braxtonh...@gmail.com, Sep 18 
This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Upon using incognito in Chrome 69, I realized something that did not happen in previous versions of Chrome. When signing into an account using the incognito mode, there are usually no accounts signed in. After signing in a user can close the tab and have accounts which were signed in forgotten and for there to be no ability to sign in. However, in Chrome 69 incognito mode, after a user signs into an account in incognito and closes the window the account is not forgotten. If incognito mode is opened again, the account is still remembered and logged in. 

This is a security threat to those who are using Incognito mode on any computers as someone can impersonate that user through email, social media, or merely gathering data without their consent since the account is remembered even when users expect their account to be forgotten by using Incognito mode. 

VERSION
Chrome Version: [69.0.3497.92] + [Stable, Official Build]
Operating System: [Mac OS X, 10.13.6, Service Pack is also 10.13.6]

REPRODUCTION CASE

In order to reproduce this case, please do the following:

1. Open Google Chrome in Incognito mode
2. Navigate to any website with a sign in. For example, google.com
3. Sign in to the website with an account
4. Confirm that you are signed into the website
5. Close the Incognito window
6. Open a new Incognito window
7. Navigate back to the same site, for example, google.com
8. Find the area where the account profile is usually located (the top right for google.com)
9. The account is still signed in

PLEASE NOTE THIS BUG IS NOT REPRODUCED BY USING A BINARY OR HTML FILE BUT RATHER A STEP BY STEP. I HAVE UPLOADED AN HTML FILE WITH INSTRUCTIONS TO DEMONSTRATE HOW TO REPRODUCE THE BUG SINCE AN ACCOUNT IS NEEDED.

Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.
incognito.html
6.5 KB View Download

Comment 1 by mbarbe...@chromium.org, Sep 21

Components: UI>Browser>Incognito Privacy>Incognito
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
This is not something we'd consider a security bug for some of the reasons outlined in https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md but I'm going to flip some labels around to let the right people take a look.

Comment 2 by msramek@chromium.org, Sep 23

Cc: rhalavati@chromium.org
Components: -UI>Browser>Incognito

Comment 3 by rhalavati@chromium.org, Sep 24

Labels: Needs-Feedback
Hi,

Thank you for the report, but I could not reproduce the error.
Can you confirm that you did not have any other incognito window open?
Can you send a video of the taken steps and the result?

Comment 4 by benhenry@google.com, Jan 11

Labels: Pri-2
Issue has a component, but no priority. Updating to have default priority (Pri-2)

Sign in to add a comment