New issue
Advanced search Search tips

Issue 894973 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 15
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Using inCognito

Reported by akshita....@gmail.com, Oct 12 
Hello,

My name is Akshita Gulati.

So, I noticed this bug while I was logging in. I logged in using the normal Google Chrome browser. After I entered my email id and password in a new computer i.e. I never logged into this computer ever before, it took me to the verification needed screen with the information This is required when something about your sign-in activity changes, like signing in from a new device or location- which is good and to be frank I was impressed.

When I tried doing the same via an inCognito window, there was no verification needed step in place.

So, is this an error on the browser side? 

Was just curious as to why this has occurred.
I hope you take my concern seriously. It may turn into a major problem later (I suppose), but not sure of it.


Thank you and have a nice weekend!

Comment 1 by wfh@chromium.org, Oct 15

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
hi - Google uses a variety of risk analysis based approaches as to whether additional information is required when signing, and so it's possible that since you are signing in from the same IP address some of this affected the behavior.

You can read more about this here -> https://sites.google.com/site/bughunteruniversity/nonvuln/cookies-working-after-logout

Besides, this doesn't seem like a Chromium vulnerability - if you still think there is sometihng wrong happening here please feel free to file a vulnerability against Google login here -> https://goo.gl/vulnz

Sign in to add a comment