Four Thieves by Jeff Buchanan

Chrome Hacking: Steal saved passwords, form fields, bookmarks and history.

Lior Margalit
Dec 8, 2017 · 2 min read

I reported this to Google before I brought it to you; their response was disappointing and amounted to “Yes, given unrestricted access to a user’s account, you can steal data from it … Status:WontFix”.

You can try it with your friends at work or with anyone that gives you access to a computer… it’s really funny but dangerous and they really should fix it.

Let's Do It

Click the icon in the right corner, or go to chrome://settings/manageProfile


Click Edit person, or go to chrome://settings/people


SIGN OUT


Click SIGN IN TO CHROME

Use another Gmail account with a known password (your Gmail account)

Click next


Click continue


BOOM, you just stole all of Chrome's saved passwords, form fields, bookmarks and history without knowing their password.

Open any other computer

Sign in with your Gmail account

Browse to chrome://settings/?search=password


Now you have all their passwords under your Google account without ever knowing what their password was, and call me crazy, but that ain’t right.
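On managed machines, the sign-in-and-sync path the steps above rely on can be closed with Chrome enterprise policy. The following is an added example, not code from the original post: a small audit that reads a managed-policy JSON document and reports whether an outside Google account could still sign in and sync the local profile. The sample policy documents, the function name `resign_in_exposure` and the outsider address are constructed for illustration, and Python's `re.fullmatch` is assumed to be a close enough stand-in for how Chrome evaluates `RestrictSigninToPattern`.

```python
import json
import re

# Constructed samples: contents of a managed policy file such as
# /etc/opt/chrome/policies/managed/policy.json on Linux (values are examples).
SAMPLE_WEAK = '{"BrowserSignin": 1, "SyncDisabled": false}'
SAMPLE_HARDENED = json.dumps({
    "BrowserSignin": 1,                             # sign-in allowed ...
    "RestrictSigninToPattern": r".*@example\.com",  # ... but only for this domain
    "SyncDisabled": False,
})


def resign_in_exposure(policy_json, outsider="outsider@gmail.com"):
    """Return the reasons an outside account could sign in to the browser and
    sync the local profile. An empty list means policy blocks that path."""
    policy = json.loads(policy_json)

    # Any one of the following controls is enough to stop the walkthrough.
    if policy.get("BrowserSignin") == 0:    # browser sign-in disabled entirely
        return []
    if policy.get("SyncDisabled") is True:  # profile data is never uploaded
        return []

    pattern = policy.get("RestrictSigninToPattern")
    if pattern:
        try:
            allowed = re.fullmatch(pattern, outsider) is not None
        except re.error:
            return [f"RestrictSigninToPattern {pattern!r} is not a valid regex"]
        if not allowed:
            return []
        return [f"RestrictSigninToPattern {pattern!r} still admits {outsider}"]

    return ["no sign-in restriction: any Google account can sign in and sync"]


if __name__ == "__main__":
    for name, doc in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, "->", resign_in_exposure(doc) or "blocked by policy")
```

On Windows the same policy names are set through Group Policy or the registry rather than a JSON file, so export them to JSON before running the audit.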

Many thanks to Idan Slonimsky, who was an integral part of the work that led to this post, and for his help in reviewing it.

Editor's Note: Put a WEBGAP between you and the malware with a browser isolation technology or by leveraging a remote browser service.

secjuice™