You can try it with your friends at work or with anyone that gives you access to a computer… it’s really funny but dangerous.
I reported this issue to google and their response was: “Yes, given unrestricted access to a user’s account, you can steal data from it … Status:WontFix”
That’s true but still it’s really easy so i’ll show you how
click the icon on the right corner or chrome://settings/manageProfile
click on the Edit person or chrome://settings/people
click SIGN IN TO CHROME
use another gmail account with a known password (your gmail account)
BOOM you just stole chrome all saved passwords, form fields, bookmarks, history without knowing their password.
open any other computer
Sign in with your gmail account
browse to chrome://settings/?search=password
now you have all their password under you google account without ever knowing what their password was.
Many thanks to Idan Slonimsky that was an integral part of the work that lead to this post, and for his help in reviewing it.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.