Issue metadata
Sign in to add a comment
|
Security: Stored passwords are not protected - ubuntu
Reported by
kwat...@gmail.com,
Oct 15
|
||||||||||||||||||||
Issue descriptionAnyone can show/view passwords stored in chrome without passing system password, even in case of protected access to the ubuntu system. In my opinion this is a serious mistake. As I know (and verified) Windows and android require system password. Chrome: 61.0.3163.100 Ubuntu 16.04 LTS
,
Oct 15
This is outside of Chrome's threat model. "We consider this attack outside Chrome's threat model, because there is no way for Chrome (or any application) to defend against a malicious user who has managed to log into your computer as you, or who can run software with the privileges of your operating system user account. Such an attacker can modify executables, change environment variables like PATH, change configuration files, read any data your user account owns, email it to themselves, and so on. Such an attacker has total control over your computer, and nothing Chrome can do would provide a serious guarantee of defense. This problem is not special to Chrome — all applications must trust the physically-local user." Please see: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
,
Today
(17 hours ago)
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by dtapu...@chromium.org
, Oct 15