Ubuntu
chromium-browser package

google passwords shown without asking user password

Bug #1562543 reported by Jaime Pérez
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

If user session is active and someone gets into chromium settings, user passwords can be seen withount any security step (in windows, user password is asked before showing passwords). As with chromebooks ubuntu is not locked when suspended, all my passwords are available to anyone. So It would good to put an authentication step before showing user passwords.

Jaime Pérez (jaime-91)
information type: Private Security → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

An unlocked session isn't exactly safe; it'd be easy enough to install e.g. a keylogger or other malware while the session is unlocked. And even a locked session isn't very safe if a malicious actor can reboot and get plaintext access to storage. A real solution includes full disk encryption as well.

Thanks

Revision history for this message
Jaime Pérez (jaime-91) wrote :

Well, but not everyone knows to use a keylogger. But if you put them pwds in their face... The problem is that chromebooks's crouton's ubuntu doesn't lock session when closing lid.

Marc Deslauriers (mdeslaur)
Changed in chromium-browser (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.