VULNERABILITY DETAILS
Note: This is a reupload of a previous issue - my wording was iffy at best and I need to reexplain why this is an issue and not just a physically local attack.

ORIGINAL:
Able to bypass 2FA for viewing passwords by logging into the target's Gmail account through Chrome itself. From there, the user can go to chrome://settings/passwords - and instead of being prompted with 2FA as they would be if logged in through gmail and not the chrome browser itself, are then prompted to login with the details of the computer.

UPDATED EXPLANATION:
I worded this poorly and it was misunderstood that this would only work on the target's personal computer. However, this issue allows hackers to bypass 2FA from ANY computer, as long as they have access to the victim's login details. When opening chrome://settings/passwords the hacker is prompted with the login details of their computer - rather than a 2FA prompt. Essentially, this trick allows hackers to gain access to a victim's details as if they were on the victim's personal computer when they are in fact on another device. To repeat - all a hacker needs to do is login to chrome itself (not just gmail, meaning the device will sync all data) and they are able to bypass 2FA from ANY device.


VERSION
Chrome Version: [69.0.3497.100] + [Stable]
Operating System: [Win10, Version 1803 (OS Build 17134.285)]

REPRODUCTION CASE
My apologies - I'm unsure of how to show a replication of this bypass as it's not done through malicious code.

CREDIT INFORMATION
Externally reported security bugs may appear in Chrome release notes. If
this bug is included, how would you like to be credited?
Reporter credit: [LiamO]