Security: Cross-browser credentials sharing
Reported by
dusan...@gmail.com,
Oct 13
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

Reports may be eligible for reward payments under the Chrome VRP: http://g.co/ChromeBugRewards

NOTE: Security bugs are normally made public once a fix has been widely deployed.

-------------------------

VULNERABILITY DETAILS
Opera browser transfers information from Google Chrome, including passwords saved in Google Chrome by other people, and then autofills that information on other computers, hence giving others access to someone else's email accounts.

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug, or any personal or confidential information. Please attach files directly, not in zip or other archive formats, and if you've created a demonstration site please also attach the files needed to reproduce the demonstration locally.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]

CREDIT INFORMATION
Externally reported security bugs may appear in Chrome release notes. If this bug is included, how would you like to be credited?
Reporter credit: [goes here]
Oct 16
Jim uses Chrome Version 69.0.3497.100 (Official Build) (64-bit). He saves all his passwords in the browser and rarely clears cache. I created medxtactor@gmail.com account in order to help Jim with advertising and social media management, hence this is the only link between Jim and me that I can think of.

I recently installed Opera Version:56.0.3051.43, 64 bit Windows on my old computer - ca. 5 days ago. I also have MS Edge installed and Chrome Version 69.0.3497.100 (Official Build) (64-bit). I am logged into the medxtractor@gmail.com account on Chrome.

I am not familiar with Opera as I never used it before, but what I noticed immediately after the install is that it copied and populated all the browsing history and saved tabs from Chrome to Opera - basically, it copied all the Chrome functionality and personalization. I also noticed that when I went to webmail.shaw.ca (my email service) in Opera, credential fields were autofilled with Jim's (he also has email with Shaw). The credentials were valid and I was able to enter Jim's email even though I never typed it into any fields on any browser before and don't know his password.

Secondly, I tested other sites in Opera:

1. I went to hotmail.com and it autofilled login with jimdurward@hotmail.com and password - when I clicked submit, Jim's hotmail address was accessed.
2. When I went to ebay.com, credentials were autofilled with Jim's login and password and I was able to access his ebay account.
3. When I went to amazon.ca, upon directing to the login url, credentials were automatically autofilled with Jim's and I was able to access his amazon account.

I do not see this in any other browser, just Opera. I am assuming that perhaps Jim uses the same password for all these services, but regardless, Opera is able to recognize various email login credentials (even when differing) and autofill the fields and allows strangers to access others' accounts.

Because of the only medxtractor@gmail.com link between Jim and me, would it be able to get the data via this route? Also, I am not sure how it is allowed/possible to copy everything saved in Chrome browser to Opera, including others' saved passwords.
Oct 16
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 16
Any application running on your system under the same user account as Chrome is able to read any data on your system including, but not limited to, all your passwords - so it's possible here that Opera is importing the saved passwords from Chrome as part of installation. I don't think this is an issue with Chrome since any application can read saved passwords just by using an API. If you are concerned about the safety of your passwords, you should log in to Windows with a password-protected account, lock your screen when you are not using it, and do not install any untrusted applications. I'm marking as WontFix due to the above, but please feel free to add any further information as relevant to the bug.
Today
(17 hours ago)
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by wfh@chromium.org
, Oct 15