This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

Passwords stored for web sites can be displayed (read) without operating system password authentication (the one which needs to be entered if someone wants to check the stored passwords in the settings). 

How to do it.
Go to a web site which has a password stored in Chrome.
Right click in the password box (where stars are displayed) and select inspect.
Find type="password" in the highlighted area.
Change it to anything like this type="paueu" then press enter and the real password is shown in the password box.

Please see attached video for details/

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev] Version 69.0.3497.100 (Official Build) (64-bit)
Operating System: [Please indicate OS, version, and service pack level]
Windows 10 Enterprise
Version 1709
OSS build 16299.125

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers,
exception record]
Client ID (if relevant): [see link above]

 

Deleted: Password retrieval.mp4 1.2 MB

	Password retrieval.mp4 1.2 MB View Download