Issue 178358 in chromium: A pop up message "Google Chrome wants to use your confidential information stored in your keychain. Do you want to allow access to this item?" appears persistently

[chro...@googlecode.com]

Status: Unconfirmed
Owner: ----
CC: dp...@chromium.org, Sriharir...@chromium.org,
jayakris...@chromium.org, rana...@chromium.org, telukun...@chromium.org,
jaisi...@chromium.org
Labels: Type-Bug Pri-2 Area-UI OS-Mac GoogleFeedback Feature-Accessibility

New issue 178358 by mangalam...@chromium.org: A pop up message "Google
Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

The below data is provided based on user reports in 'GoogleFeedback'. We
did not reproduce the issue.

8+ users have reported this issue in 'GoogleFeeback' since 21st Feb 2013.

Chrome Version : 25.0.1364.99 Beta version

URLs (if applicable): NA


Other browsers tested :NA


What steps will reproduce the problem?
1.Launch Chrome Browser.
2.Access any website.

What is the expected result?
The desired website is successfully accessed without any error.

What happens instead?
A pop up message "Google Chrome wants to use your confidential information
stored in your keychain. Do you want to allow access to this item?"
appears, thereby hindering accessibility.

Additional Information: Few observations based on user submitted reports:

1.Many users have reported the issue while trying to access
www.facebook.com.
2.The error is persistent even though the “deny” option is selected.
3.Few users have reported the issue while trying to access www.twitter.com
4. One user mentions that the error doesn't occur when other browsers are
used.
5.One user mentions that once clicking “allow” option, saved the password
and now the error still persists. Again clicking on the “deny” option
doesn't resolve the issue and the password cannot be unsaved.
6.Most reports are from OS:Mac 10.7 and OS:Mac 10.8
7.91% of the reports are from Locale:EN.

NOTE:
We are unable to reproduce the issue in Chrome:.Version 25.0.1364.97 beta
on Ubuntu OS.

For more details, refer the user reports below:
http://goto.google.com/392204926
http://goto.google.com/650973864
http://goto.google.com/650051656
http://goto.google.com/704399251

For further more user reports, refer the below cluster URL
http://goto.google.com/3316789

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[chro...@googlecode.com]

Comment #1 on issue 178358 by spork.sp...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I"m not surprised you can't reproduce this on Ubuntu. :) Comeon guys...

It's probably related to this bug from 2010 as well:
https://code.google.com/p/chromium/issues/detail?id=43969&q=os%3Amac%20keychain&sort=-stars&colspec=ID%20Pri%20Mstone%20ReleaseBlock%20OS%20Area%20Feature%20Status%20Owner%20Summary

To be clear, a recent build introduced this problem. At the same time the
problem showed up, there was also a new UI for htpass-type http auth
introduced. Maybe someone buggered something while changing the UI.

Important facts to note about this:

-It happens even if you have Chrome set to NOT manage your passwords.
Chrome should not even be asking for keychain entries if password
management is disabled. Note that on the Mac both 1Password and LastPass
are fairly commonly used for password management, so many Mac users disable
the password management option in Chrome.
-It happens on sites where you already have login info for the site saved
in the keychain (ie: from another browser, like Safari)
-It's a new problem, introduced in the last month or so
-Another thing pointing to an issue with the "manage passwords" setting not
fully working is that if you have password management OFF and you
click "Allow" on the keychain dialogue, the form is not filled. If you
have it set to ON it is. But why is it trying to do a lookup in the first
place if password management is disabled???

Please, have a close look at this (on a Mac, it's not going to show on
Ubuntu). It's insanely frustrating. For novice Mac users, you're
confusing them needlessly and driving them back to Safari or Firefox. For
advanced Mac users, you're just pissing them off by letting such an issue
linger for this long.

Maybe the attached screenshot illustrates the issue.

Attachments:
Screen shot 2013-03-08 at 8.47.08 PM.png 280 KB

[chro...@googlecode.com]

Comment #4 on issue 178358 by pa...@infini-source.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Yep I agree with everyone here. I too am receiving this same message on a
MAC - OS X 10.8.3 and Chrome Version 25.0.1364.172. This has been an issue
for at least a month (maybe longer) now. It does not present itself on any
other platform as I use Chrome on Windows and Ubuntu. The password
management option is simply ignored.

[chro...@googlecode.com]

Comment #5 on issue 178358 by nmerritt...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Just wondering if anyone else having this issue has RoboForm installed? I
do. Wondering if somehow related.

[chro...@googlecode.com]

Comment #6 on issue 178358 by spork.sp...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Still uncomfirmed?

Here's a step-by-step to reproduce:

-Buy, borrow, thieve a Mac (hardware, os version seems unimportant)
-Find a site with a login form, visit it in Safari
-In Safari settings, ensure saving passwords is enabled
-Let Safari save the user/pass for the site
-Open Keychain.app and verify you see the credentials for the site saved
-Open Chrome, go to settings and disable "offer to save passwords..." in
settings
-Go to the site you went to in Safari
-Observe the keychain popup

[chro...@googlecode.com]

Comment #7 on issue 178358 by betocol...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Same issue here. Latest version of Chrome / Mac OSX 10.7.5 .

[chro...@googlecode.com]

Updates:
Labels: -Cr-UI-Accessibility Cr-UI-Browser-Passwords

Comment #8 on issue 178358 by kenji...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #9 on issue 178358 by rjvber...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I also have this kind of issue, but not exactly with site logins I do store
the creds of via the browser. If those time out I consider it kind of
normal to be asked for a pw again ... though I'd appreciate an option to
cache the info in memory. In my case I started getting the pw window at
regular intervals, not related to any site open, but to my keychain
timeout. It turned out to be the 'Chrome Safe Storage' entry which is being
accessed and which I presume stores your Chrome profile info. Haven't tried
to switch that off because I want the synchronisation.

I don't get popups for sites I've set to 'never save pw' (which gives a
special keychain entry).
I presume this new behaviour is an indication that there's an issue with
in-memory pw caching.

I found a workaround. Create a new keychain, set it to remain open (but
lock on sleep), and move the Chrome Safe Storage entry there. You'll still
get a dialog, but only once per session.

[chro...@googlecode.com]

Comment #10 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Re the screenshot above: it suggests rather strongly that the don't *store*
pws setting doesn't prevent GC from trying to *read* existing entries. At
least I presume that's what the presence of an entry name means, that one
exists (pre 10.7 OS X didn't show the requested entry name, which is
annonying for debugging but better for security imho).

Pre 10.7 the keychain entry access list was applied only after unlocking
the keychain, is that still the case?

[chro...@googlecode.com]

Updates:
Status: Assigned
Owner: est...@chromium.org
Cc: rsl...@chromium.org

Comment #12 on issue 178358 by ero...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I just had the same complaint from my mom.

It is extremely frustrating to users, and confusing/scary too when you
don't know what is happening. spork explains the problem nicely in comment
#1.

* Disabling password management in Chrome has no effect
* Hitting Deny is ineffectual since it must be done every single time the
page loads

I ended up having to delete her keychain entries for some websites to get
this to go away (presumably populated by Safari).

@estade: Can you find someone to take a look at this? Thanks!

[chro...@googlecode.com]

Updates:
Owner: ishe...@chromium.org

Comment #13 on issue 178358 by est...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #14 on issue 178358 by spork.sp...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

How to get bugs fixed? Make sure it irritates a developer's mother. :)

[chro...@googlecode.com]

Updates:
Status: Started

Comment #15 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

https://chromiumcodereview.appspot.com/19775014/ would fix the case when
Chrome's password manager is disabled. It's not really clear to me how we
ought to improve the case when the password manager is still enabled, but
maybe fixing the disabled case is good enough.

[chro...@googlecode.com]

Updates:
Cc: pal...@chromium.org stuart...@chromium.org

Comment #16 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Issue 270132 has been merged into this issue.

[chro...@googlecode.com]

Comment #18 on issue 178358 by Sam.Lust...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Struggling here with this exact issue. Safari is not responsible for the
bug. Safari can read the passwords in Keychain Access after they are added.

Chromium builds are adding the passwords into Keychain Access for storage -
a consequence of sync. Each new build of Chromium that I install and
overwrite with causes Keychain to reverify - not trust the "new" program.
If you watch the Keychain Access when opening the new build, you'll see
Chrome/Chromium adding your synced passwords to the Keychain, but it
doesn't give itself access.

[chro...@googlecode.com]

Comment #19 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

The application that adds items always has access. The behavior you are
seeing is an expected consequence of using Chromium builds, which are
unsigned, and thus not trusted by Keychain as being the same application
from version to version. Google Chrome and Safari, which are signed, don't
have that behavior.

[chro...@googlecode.com]

Comment #20 on issue 178358 by Sam.Lust...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Thanks for commenting for this behavior. Why are Chromium builds left
unsigned?

[chro...@googlecode.com]

Comment #21 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Chromium builds are not a product, they are a convenience for Chromium
developers (e.g., for bisecting builds for regression ranges).

[chro...@googlecode.com]

Comment #23 on issue 178358 by mbel...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I just commented on another bug, but this one seems like it is the right
bug to file on.
(https://code.google.com/p/chromium/issues/detail?id=324526)

My comment:
I am having this problem too. It's awful, and it appears to have gotten
much worse in the latest update.

I am not using enterprise edition, just the regular consumer version:
Version 31.0.1650.57

Worse, when the Keychain Access Dialog (from OSX) is on the screen, the
browser cannot make new connections to any SSL site, because that requires
the keychain, which is blocked on the stupid prompt I never wanted.

Repro steps:
- connect to a site that needs a password
- let the dialog box stay open (see attached)
- try to connect to any SSL site that you don't have a connection open
to. You'll see it freeze with the second attachment "Establishing
Connection to Secure Site...."
- close the stupid keychain box
- ahhhh- networking works again!

I am getting prompted LIKE CRAZY and it even makes me want to switch
browsers. Something is very broken.

[chro...@googlecode.com]

Comment #24 on issue 178358 by mbel...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I want to highlight the last comment:

*** TLS Connections hang while the keychain access dialog is on the screen.

So you can't ignore it.

[chro...@googlecode.com]

Updates:
Cc: dub...@chromium.org

Comment #25 on issue 178358 by va...@chromium.org: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Issue 324526 has been merged into this issue.

[chro...@googlecode.com]

Comment #26 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

isherman: Are you actively working on this? If not, I can take a look at it.

[chro...@googlecode.com]

Comment #27 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Patrick, I have a CL for this that's in desperate need of rebasing: [
https://chromiumcodereview.appspot.com/19775014/ ]. I'm still meaning to
get back to it, but keep finding myself distracted by higher-priority
tasks. You're more than welcome to yoink this bug from me, possibly using
that CL as a starting point.

[chro...@googlecode.com]

Updates:
Owner: dub...@chromium.org
Cc: -dub...@chromium.org ishe...@chromium.org

Comment #28 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #29 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

+glen, since he supported the behaviour change discussed in
http://crbug.com/158296.

I've rebased the CL that isherman referred to in #27, but I'm not sure it's
the right fix.

As of http://crrev.com/166878, there is no way to disable autofilling
passwords. It seems to me that we should address that, rather than
repurposing the "Offer to save passwords" checkbox to also mean "don't
autofill passwords that Chrome doesn't already have access to."

I would suggest one of the following fixes:

1. Revert the behaviour introduced by http://crrev.com/166878. The use case
of "I want to autofill passwords, but I don't want to save passwords" seems
uncommon, and is adequately addressed by clicking "Never for this site" or
simply ignoring the save password infobar.

2. Change the "Enable Autofill" to checkbox to also affect passwords
(currently it doesn't affects password forms, which seems unintuitive to
me).

3. Add a new "Enable password autofill" checkbox to chrome://settings or
chrome://settings/autofill.

Glen, Ilya, what do you think about these options?

[chro...@googlecode.com]

Updates:
Cc: gl...@chromium.org

Comment #30 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Actually +glen this time. Glen, please see comment #29 above.

[chro...@googlecode.com]

Comment #31 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Another idea: if we determine that we'll have to prompt the user to access
the Keychain data, what if we don't try to autofill the password on page
load, but instead show an autofill pop-up when the user starts typing in
the username field. This is exactly what we do in incognito mode.

This way, it's more clear why we are prompting for access, and it gives you
an easy way to avoid the prompt. The downside is that would be an extra
couple of steps to fill *any* passwords that are imported from Safari.

Here's a mock to show what I mean.

Attachments:
keychain-prompt-dropdown.png 16.3 KB

[chro...@googlecode.com]

Comment #36 on issue 178358 by char...@westphals.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Thanks!

[chro...@googlecode.com]

Comment #38 on issue 178358 by abhibeck...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Since this is approaching 10 months and still hasn't been fixed, I think
it's time to forget about complex refactoring and add a setting to
chrome://flags. Even just "autofill passwords [enable/disable]" would do
the trick.

Personally I use a third party plugin to fill passwords in Chrome and also
have around 700 passwords in keychain that I do not want Chrome to decrypt.
Any time I visit one of those websites, chrome asks for access (sometimes 5
or 6 times). If I click on a link, it asks again 5 or 6 times. Basically
the browser is completely unusable for any domain name that has a keychain
entry.

It seems like this is the sort of issue a geek would run into, so a hidden
setting should do the trick.

[chro...@googlecode.com]

Comment #40 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

@38: How do other browsers behave when they're not supposed to have access
to said password entries? I'm not sure the whole Keychain Acces framework
provides for "X.app doesn't have access to entry Y" (one can only list
allowed applications) unless those applications maintain a list of
off-limits entries themselves.

OTOH, I personally do not use password entries for storing passwords I just
want to remember but not make accessible to applications. There are secure
notes for that purpose. That also protects them from mistakingly doing an
overzealous Safari reset ...

I agree that it seems weird that one can opt out of saving passwords, but
not out of auto-filling them. Would it be that auto-fill is deactivated
when the option to save passwords is turned off?

[chro...@googlecode.com]

Comment #39 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

@38: How do other browsers behave when they're not supposed to have access
to said password entries? I'm not sure the whole Keychain Acces framework
provides for "X.app doesn't have access to entry Y" (one can only list
allowed applications) unless those applications maintain a list of
off-limits entries themselves.

OTOH, I personally do not use password entries for storing passwords I just
want to remember but not make accessible to applications. There are secure
notes for that purpose. That also protects them from mistakingly doing an
overzealous Safari reset ...

I agree that it seems weird that one can opt out of saving passwords, but
not out of auto-filling them. Would it be that auto-fill is deactivated
when the option to save passwords is turned off?

[chro...@googlecode.com]

Updates:
Cc: ianb...@chromium.org w...@chromium.org j...@chromium.org
f...@chromium.org

Comment #41 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Issue 328571 has been merged into this issue.

[chro...@googlecode.com]

Comment #42 on issue 178358 by bugdro...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently

http://code.google.com/p/chromium/issues/detail?id=178358#c42

------------------------------------------------------------------------
r241255 | dub...@chromium.org | 2013-12-17T11:40:26.910147Z

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/test_password_store.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_unittest.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_form_manager_unittest.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/test_password_store.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_form_manager.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_form_manager.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_default.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_default.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/mock_password_store.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_win_unittest.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_manager_unittest.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_win.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_manager.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_mac_unittest.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_win.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_mac.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_mac.h?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_x.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/sync/test/integration/passwords_helper.cc?r1=241255&r2=241254&pathrev=241255
M
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/password_manager/password_store_x.h?r1=241255&r2=241254&pathrev=241255

[Mac] Passwords: Don't always prompt to access passwords saved by other
browsers

Disable Keychain password access prompts when Chrome's "Ask to save
passwords"
option is disabled. This gives users an escape hatch other than clicking
"Always allow" or "Deny" for each password prompt when they have passwords
saved from other browsers. This previously regressed with
http://crrev.com/166878.

R=stuart...@chromium.org
TBR=atwi...@chromium.org
BUG=178358
TEST=
1. In *Safari*, navigate to a login page for which you can save a password.
2. Log in, and instruct Safari to save the password.
3. In *Chrome*, under Advanced Settings, disable password management.
4. Navigate to the same login page.
At step (4), there should be no prompt for authorization to access the
password saved in Safari.

Review URL: https://codereview.chromium.org/106053008
------------------------------------------------------------------------

[chro...@googlecode.com]

Updates:
Labels: -Merge-Requested Merge-Approved

Comment #46 on issue 178358 by lafo...@google.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently

http://code.google.com/p/chromium/issues/detail?id=178358

(No comment was entered for this change.)

[chro...@googlecode.com]

Updates:
Labels: -Merge-Approved merge-merged-1750

Comment #47 on issue 178358 by bugdro...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently

http://code.google.com/p/chromium/issues/detail?id=178358#c47

------------------------------------------------------------------------
r241843 | dub...@chromium.org | 2013-12-19T11:53:09.843187Z

Changed paths:
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_x.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/sync/test/integration/passwords_helper.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_x.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/test_password_store.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_unittest.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_form_manager_unittest.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_form_manager.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/test_password_store.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_form_manager.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_default.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_default.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/mock_password_store.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_win_unittest.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_manager_unittest.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_win.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_manager.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_mac_unittest.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_win.h?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_mac.cc?r1=241843&r2=241842&pathrev=241843
M
http://src.chromium.org/viewvc/chrome/branches/1750/src/chrome/browser/password_manager/password_store_mac.h?r1=241843&r2=241842&pathrev=241843

Merge 241255 "[Mac] Passwords: Don't always prompt to access pas..."

> [Mac] Passwords: Don't always prompt to access passwords saved by other
> browsers

> Disable Keychain password access prompts when Chrome's "Ask to save
> passwords"
> option is disabled. This gives users an escape hatch other than clicking
> "Always allow" or "Deny" for each password prompt when they have passwords
> saved from other browsers. This previously regressed with
> http://crrev.com/166878.

> R=stuart...@chromium.org
> TBR=atwi...@chromium.org
> BUG=178358
> TEST=
> 1. In *Safari*, navigate to a login page for which you can save a
> password.
> 2. Log in, and instruct Safari to save the password.
> 3. In *Chrome*, under Advanced Settings, disable password management.
> 4. Navigate to the same login page.
> At step (4), there should be no prompt for authorization to access the
> password saved in Safari.

> Review URL: https://codereview.chromium.org/106053008

TBR=dub...@chromium.org

Review URL: https://codereview.chromium.org/99303009
------------------------------------------------------------------------

[chro...@googlecode.com]

Comment #48 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

For the record, I consider the CL landed above (http://crrev.com/241255) to
be a temporary workaround for the problem. In M34, I hope to have time to
work on a better solution, probably what I described in comment 31 above.

[chro...@googlecode.com]

Comment #49 on issue 178358 by bie...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Now in January 2014 and still no real solution to this for Mac users. My
own experience is that with certain websites (Facebook for example) this
pop up reappears once I have hit the deny button for all my
accounts/passwords and so I am unable to login to Facebook.

happily I have other browsers that work perfectly well so I don't use
Chrome very much anymore. Shame really as I was hoping for something that
worked as well as the Google search engine.

[chro...@googlecode.com]

Comment #50 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

bienjn: What version of Chrome are you using? In Chrome 33 (currently in
dev channel), there is a workaround -- go to chrome://settings, click "Show
advanced settings..." and then uncheck "Offer to save passwords I enter on
the web."

If you do this, Chrome should stop asking for access to Keychain passwords.
If that does not work, please let me know.

[chro...@googlecode.com]

Comment #56 on issue 178358 by ununpent...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Does anyone have an idea when Google Chrome will start to play nice with
and utilize iCloud keychain if it is turned on? It may not resolve the
concerns many have of the designed popup permission functionality (I'm fine
with that), but for those who use both browsers for the obvious and
not-so-obvious reasons, it would prevent multiple syncing methods across
the same devices, and having to manage/maintain mostly duplicated passwords
in 2 different keychains: "login" and "iCloud".

[ Mavericks 10.9.1 / Chrome 32.0.1700.107 / Safari 7.0.1 (9537.73.11) ]

[chro...@googlecode.com]

Comment #57 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Please file a new bug for a totally new feature request; that's off-topic
for this bug.

[chro...@googlecode.com]

Comment #58 on issue 178358 by rlya...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Still happening? Seriously?

[chro...@googlecode.com]

Updates:
Cc: gca...@chromium.org cr...@chromium.org dub...@chromium.org

Comment #59 on issue 178358 by gca...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Issue 356310 has been merged into this issue.

[chro...@googlecode.com]

Comment #61 on issue 178358 by ziran....@samsung.com: A pop up

[chro...@googlecode.com]

Comment #62 on issue 178358 by ishe...@chromium.org: A pop up

[chro...@googlecode.com]

Comment #65 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Yes, Patrick has the first CL in flight for this:
https://chromiumcodereview.appspot.com/184103016/

[chro...@googlecode.com]

Comment #66 on issue 178358 by farsonja...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I keep my login keychain desynchronized from my main account password and
locked by default. I recently updated to 10.9 and now I can't use chrome
because it infinity-prompts for "Google Chrome wants to use the 'login'
keychain" when I open Chrome. But it doesn't need to use the login keychain
because I'm not allowing it to store anything ever. This has made Chrome
effectively unusable, so I'm back to Safari for the time being :/

[chro...@googlecode.com]

Comment #67 on issue 178358 by dannym...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I am not using Chrome because of this reason. It makes it worthless as a
browser.

[chro...@googlecode.com]

Comment #68 on issue 178358 by alex.zep...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Yep. This makes Chrome completely unusable with a locked keychain. Way to
go guys!

[chro...@googlecode.com]

Comment #70 on issue 178358 by jim.ka...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I started having this problem with Chrome and with Microsoft Outlook 2011
after I upgraded to Mavericks. I may have to abandon both programs.

[chro...@googlecode.com]

Comment #71 on issue 178358 by martinturon: A pop up message "Google Chrome

wants to use your confidential information stored in your keychain. Do you
want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Yes, I've been facing this problem for years: infinite loop of "keychain
password" dialogs that recur until a password is typed in... It seems this
work-around fixes it:

1) Chrome -> Settings -> Show Advanced Settings... -> [] Offer to save your
passwords (uncheck)

2) Open keychain
a) Delete "Chrome safe storage" (this may be all that is required --
but I had done the other things as well)
b) Delete all "Webform" passwords

Chromium team: perhaps the above information can help you replicate the
problem. This is a *severe* usability for Mac users and will decrease
adoption of an otherwise great product.

[chro...@googlecode.com]

Comment #74 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Issue 356310 has been merged into this issue.

[chro...@googlecode.com]

Comment #76 on issue 178358 by byrd.par...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

How can I use <speedtest.net>on a MAC without using GoogleCrome?

[chro...@googlecode.com]

Comment #77 on issue 178358 by Zajpn...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

What is the outlook for a fix for Issue 178358: please?

[chro...@googlecode.com]

Updates:
Status: Available
Owner: ---

Comment #80 on issue 178358 by dub...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I'm not working on this anymore. After r265993, I think it should be fairly
easy to implement what I described in comment 31.

[chro...@googlecode.com]

Comment #81 on issue 178358 by songer1...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Well guys - I checked your response in #31 which offers to let me download
a .png file that tells me nothing. I just counted the latest incident of
this - FIFTY CLICKS on the same request to allow access. I had abandoned
Chrome for multiple reasons (Google is becoming almost as invasive as
Facebook IMHO) but encouraged to try again by a techie friend. This
constant clicking is insane I'm "glad" #80 dub thinks his answer in #31
solves the problem but I don't get it. Please remember that there are a lot
of us "ordinary" users that just want things to work - can anyone describe,
in plain, simple old English, how to stop this problem, please?

[chro...@googlecode.com]

Comment #87 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Technically, it's not an infinite loop -- it's one request per saved
password. Admittedly, the distinction is mostly academic -- nobody wants
to click through a big pile of prompts, finite or otherwise.

[chro...@googlecode.com]

Comment #88 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Tuesday July 01 2014, rjvb...@gmail.com wrote regarding "Re: Issue
178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

Actually, it *could* be an infinite loop (or at least a deadlock); there
only need be 1 password that Chrome refuses not to obtain in order to
remain in the loop.

I continue to wonder why Chrome on OS X doesn't keep an internal copy of
the sync password as it seems to do on Linux.

There is something not completely right with its interaction with the OS X
keychain, clearly. I have a related issue on at least 1 site, for which I
stored the credentials in my "Open" keychain. Chrome obtains and identifies
using those credentials without asking to unlock the keychain, but it wants
to unlock the default keychain afterwards ... to store the creds there. I
have never raised this issue as I cannot be sure this is not due to how the
site is coded.

[chro...@googlecode.com]

Comment #89 on issue 178358 by jerr...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

All I see above is a bunch of speculation and discussion but no real
solution. WTF is wrong with Google that they can't fix this persistent,
incredibly annoying problem?!?

[chro...@googlecode.com]

Comment #90 on issue 178358 by erik...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Chrome has several keychain related bugs.

I am going to list explicit reproduction steps for the bug that most of
this thread is concerned with:
1. The login and local item keychains are unlocked.
2. There is a keychain item in one of these two keychains with kind
= "Internet password" for a site like twitter.com
3. Right click on the keychain item, and click "Get Info". Navigate to
the "Access Control" tab. The radio button "Confirm before allowing access"
should be selected, and the box "Ask for Keychain password" should be
unchecked. Under the list: "Always allow access by these
applications", "Google Chrome" should not be present.
4. Navigate to twitter.com.
5. Keychain popup comes up: "Chrome would like to use your keychain....".
Click either "Allow" or "Deny", but do not click "Always allow".

Result: I get prompted 8 times immediately after loading the twitter.com
site.
Expected result: I get prompted exactly 1 time, or I don't get prompted at
all.

The problem is that Chrome assumes that accessing the Keychain has no UI
impact. This is true for keychain items where Chrome is already allowed
access. This is not true for keychain items created by Safari, Firefox,
Chromium, Chrome Canary, etc.

(As an aside, the latest versions of Safari and Firefox don't
create "Internet Passwords" in the keychain. Safari makes "Web form
passwords" and Firefox doesn't touch the keychain at all.)

I discussed potential solutions with isherman. This is what we decided:

Step 1) Chrome should be able to tell if accessing a keychain item would
cause a keychain prompt. Never do so on initial page load.
Step 2) If a user types in a username into a form, and the username matches
a particular keychain item that Chrome does not have access to, immediately
prompt the user for access to the keychain item.

Step 1 is high priority, and also easy. It removes a major UI pain point
for many users and will fix this bug.
Step 2 is lower priority, and possibly more difficult. I believe someone
was already working on building this functionality, but then stopped. It
affects a smaller proportion of users, but could be very useful for them.

I am going to immediately implement Step 1, and look into Step 2.

[chro...@googlecode.com]

Comment #93 on issue 178358 by bat...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Just FYI as it may help some people as a work around while Erik is working
on a proper fix:

It has been reported that people got out being prompted by the following
steps.
1) Open Keychain and make sure that the Keychains storing the passwords are
unlocked. Otherwise unlock with right mouse click.
2) Make sure that the keychain password is the same password as the
password of the user account on MacOS (Right mouse button click -> Change
Password for Keychain "login")
3) Right mouse button click -> Change Settings for Keychain "login" ->
disable that Keychain locks automatically after some inactivity

[chro...@googlecode.com]

Comment #97 on issue 178358 by sdi...@turbulent.ca: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I had a similar problem with Chrome Mac version 35.0.1916.153, probably
because I had an additional keychain named ancien_mac (old_mac) in my
Keychain app. Chrome always prompted me for old keychain password, at
launch and/or during browsing. Somehow it looked like Chrome was unable to
manage other keychains except the default "session" one.

Annoyed, I finally merged my old keychain items into my main session
keychain and deleted the old one.

I no longer have the keychain prompt.

[chro...@googlecode.com]

Comment #100 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Maybe Chrome's intention, because that's not how things work on OS X, at
least not in my experience. The keychain stores full credentials, meaning
you don't have to remember password nor user name, pseudo, or whatever kind
of ID a site requires.

[chro...@googlecode.com]

Comment #101 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I'm not caught up, but very briefly in the meantime:

> Firefox doesn't touch the keychain at all

Firefox has never used keychain. Firefox developers chose to value being
able to drag-and-drop profiles across OS over being a good native OS X
citizen.

So, Firefox has never been interoperable with any other browser on OS X
from a password standpoint, and have ignored the OS X convention. We made a
very deliberate decision to be a good OS citizen, and interoperate with all
the other browsers.

(The fact that Safari passwords aren't interoperable is definitely a
regression though.)

[chro...@googlecode.com]

Comment #102 on issue 178358 by wtng...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I encountered the same issue in the last couple of weeks. Out of the blue,
every time I opened Google Chrome, the keychain dialog box would pop up
before I had a chance to put in a website URL in the browser. Regardless
of how many times I clicked or which button I clicked, the dialog box kept
reappearing. I followed the advice from Dave.king and opened up keychain
access in utility. But I could not find any web form password. So now
what should I do to get rid of this dialog box?

[chro...@googlecode.com]

Comment #104 on issue 178358 by wbor...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Pardon me, but I use different browsers BECAUSE I DON'T WANT TO BE
INTEROPERABLE.

Each browser is used for a specific client, and I don't want their password
and account information to get confused. By deciding
that 'interoperability' is a good idea, you've made Chrome unusable.

Which is a damned nuisance, because it's the best browser out there.

You should make this should be a user selectable choice. If you want to be
able to share passwords, fine. If you don't, that's also fine. We all have
different needs.

Wayne

[chro...@googlecode.com]

Comment #105 on issue 178358 by asme...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Chrome has a user manager, which is probably a better way to do what you
are trying to do.

[chro...@googlecode.com]

Comment #110 on issue 178358 by erikc...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Ah, I misunderstood you. Never showing the Keychain access prompt dialog is
intentional.

[chro...@googlecode.com]

Comment #113 on issue 178358 by wbor...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Hey, that's all we are asking for - that the KeyChain Access dialog prompt
not be shown.

[chro...@googlecode.com]

Comment #115 on issue 178358 by bugdro...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently

http://code.google.com/p/chromium/issues/detail?id=178358#c115

The following revision refers to this bug:

https://chromium.googlesource.com/chromium/src.git/+/5b24aa9ddf2cf9930739895ac2027eed89f18c74

commit 5b24aa9ddf2cf9930739895ac2027eed89f18c74
Author: erik...@chromium.org
<erik...@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed Aug 06 19:24:17 2014

Allow the browser to choose PasswordManager's authorization prompt policy.

This only affects OSX. Recently, Chrome stopped prompting users for access
to
the keychain to autofill passwords (to pull in passwords from other
browsers).
Opera wants to use a different policy, so pull the logic into
password_manager_client.

BUG=178358

Review URL: https://codereview.chromium.org/444753002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287825
0039d316-1c4b-4281-b951-d872f2087c98

[chro...@googlecode.com]

Comment #116 on issue 178358 by bugdro...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently

http://code.google.com/p/chromium/issues/detail?id=178358#c116

------------------------------------------------------------------
r287825 | erik...@chromium.org | 2014-08-06T19:24:17.567151Z

Changed paths:
M
http://src.chromium.org/viewvc/chrome/trunk/src/components/password_manager/core/browser/password_manager.cc?r1=287825&r2=287824&pathrev=287825
M
http://src.chromium.org/viewvc/chrome/trunk/src/components/password_manager/core/browser/password_manager_client.h?r1=287825&r2=287824&pathrev=287825
M
http://src.chromium.org/viewvc/chrome/trunk/src/components/password_manager/core/browser/password_manager_client.cc?r1=287825&r2=287824&pathrev=287825

Allow the browser to choose PasswordManager's authorization prompt policy.

This only affects OSX. Recently, Chrome stopped prompting users for access
to
the keychain to autofill passwords (to pull in passwords from other
browsers).
Opera wants to use a different policy, so pull the logic into
password_manager_client.

BUG=178358

Review URL: https://codereview.chromium.org/444753002

-----------------------------------------------------------------

[chro...@googlecode.com]

Comment #117 on issue 178358 by wbor...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Erik Chen:

So I assume you are telling me that this is a figment of my imagination?
This is a screen grab that I took about five minutes ago, showing the
prompting that you are claiming Chrome doesn't do.

Wayne


Attachments:
KeyChain.jpg 185 KB

[chro...@googlecode.com]

Comment #121 on issue 178358 by erikc...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

rjvbertin: I don't know what's happening on the Linux side.

On Chrome 38 for Mac, if an attempt to grab an Autofill password would
result in a keychain prompt (either because the keychain is locked, or
because Chrome is not on the ACL for that keychain entry) then Chrome will
/not/ cause a keychain prompt to appear, and will instead not perform
Autofill for that web form.

[chro...@googlecode.com]

Updates:
Labels: -M-33 M-38

Comment #122 on issue 178358 by ishe...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Note: We'd prefer for password Autofill to prompt when appropriate, but not
to over-prompt. Help very much welcome.

[chro...@googlecode.com]

Comment #123 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Thursday August 07 2014, rjvb...@gmail.com wrote regarding "Re: Issue
178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

So because a very vocal part of the user base isn't capable to avoid
getting unwanted prompts you just disable a very useful feature for the
rest of us? Right now I haven't seen articles all over the web on how
unusable Chrome is on OS X because of those pesky Keychain dialogs, so I
think "the rest" is actually the vast majority. I'm pretty sure that
disabling access to locked Keychains will drive a lot of us (including me)
to different browsers.

So PLEASE, until a better solution is implemented, AT LEAST add a (hidden)
setting that allows to KEEP THINGS AS THEY ARE.

I only get 1 unexpected and unwanted keychain unlock prompt, but that one
is on a single site where I think Chrome wants to store a copy of the creds
(or update the existing record) without prompting - causing an unlock
request for the default Keychain (the actual entry resides in a different
Keychain).

I've explained multiple times how to avoid getting prompts to unlock locked
Keychains containing an entry to which Chrome has access. I admit I don't
see the point in giving access to webform passwords to certain browsers and
not to others, so I cannot speak for what happens in that case. It's
possible that there is no negative of the "Always Allow" function, but I'd
be amazed if Apple considered it normal to bug the user each time an app
tried to access a Keychain entry to which it doesn't have access (instead
of only the 1st time).

I hope someone has studied the Keychain Programming Guide?!
https://developer.apple.com/library/mac/documentation/security/conceptual/keychainServConcepts/01introduction/introduction.html#//apple_ref/doc/uid/TP30000897-CH203-TP1

I'm going over KDE's interface to the OS X Keychain framework at the
moment, so I'll see if I find something useful. I'm willing to help, but
chances I can be of help will be very much higher if Chrome's codebase for
interacting with the Keychain can be isolated and worked on as a standalone
project that doesn't require building the whole browser. (I just don't
think I have the resources for that.)

[chro...@googlecode.com]

Comment #124 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

I've looked into the ACLs a bit more, for now on OS X 10.6.8. It would seem
there is only an inclusive ACL, not an exclusive list. That means that you
cannot lock out an application permanently from reading an entry. Also, and
contrary to what I thought, it would seem that reading the ACL requires
unlocking the Keychain first. This is apparent even in the Keychain Utility.

So when in Safari I open a webpage containing a login (ID+pw) box for which
I have stored the credentials, I get a *single* request to unlock the
relevant Keychain if it's not already unlocked. This is unavoidable if you
want to use the Keychain. When/if the Keychain is unlocked, and if the
entry has an ACL ("Allow all applications access" is not ticked) and Safari
is not on it, I get a *single* request to allow access. This appears to be
unavoidable too if you want to be able to read the entry.
Safari presents both dialogs once only - per page (re)load. If you cancel
the 1st only the public information is retrieved (the user name), and no
more dialogs are posted.

Is this what you consider appropriate prompting?

If so, how come Chrome doesn't detect when the user cancels a Keychain
unlock or access dialog but loops until access was obtained instead of
using a one-shot approach?

[chro...@googlecode.com]

Comment #125 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Doing the same tests on 10.9.4 suggests that there Safari remembers when
you cancel a Keychain dialog, for the duration of the session. After
cancelling, a dialog will only be presented again after you relaunch the
application.
I suppose Chrome already has a framework/class making it easy enough to
keep track of which stored data it should not try to access ...

[chro...@googlecode.com]

Comment #126 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

> I've explained multiple times how to avoid getting prompts to unlock
> locked Keychains containing an entry to which Chrome has access.

The reason this change was made, temporarily, is because of a regression in
how the password manager handles entries Chrome does *not* have access to
(e.g., those stored by other browsers). Once that's fixed I would expect
the change to be undone.

> I hope someone has studied the Keychain Programming Guide?!

I guarantee that insulting us won't make us more likely to take your
comments seriously.

[chro...@googlecode.com]

Comment #127 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Thursday August 07 2014, rjvb...@gmail.com wrote regarding "Re: Issue

178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

What caused that regression that makes it so hard to resolve that you have
to create a further regression?

What insult? Whether or not you (as in you yourself) take my comments into
account is up to you, but suggesting they might be taken for anything but
serious is something I would find offensive.

[chro...@googlecode.com]

Comment #130 on issue 178358 by wbor...@gmail.com: A pop up message "Google

Chrome wants to use your confidential information stored in your keychain.
Do you want to allow access to this item?" appears persistently
http://code.google.com/p/chromium/issues/detail?id=178358

The simplest answer is to add a fourth selection to the KeyChain dialog. Of
course since that's part of OSX, Apple would have to do it, and I doubt
that they'd be willing.

DENY ALWAYS

Would fix the issue.

Attachments:
KeyChain.jpg 185 KB

[chro...@googlecode.com]

Comment #131 on issue 178358 by stuart...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

> If I have to open the manager manually to look up the ID or which email
> address I used for a particular site

We're only talking about the case where Chrome doesn't have its own
metadata about the entry (e.g., it was created by another browser and has
never been used in Chrome before).

Once the password manager regression is fixed, and this change reverted,
the behavior for passwords that you have either stored from, or used once
before in, Chrome, will be exactly what it was before. (And for passwords
from other browsers, it will be what it was when Chrome launched on Mac in
the first place, which is that once you type the full username we treat it
as an intent to use that item, and "import" it into Chrome, after which it
behaves like the other passwords).

Mostly, you've been arguing that we shouldn't do things that we already
don't plan to do in the medium term anyway. In the short term, making this
change temporarily was the fastest way to address a regression that made
the browser almost unusable for some users. I get that you don't like the
temporary solution and want us to fix the regression right this minute
instead, but we have constraints on our time, and have to prioritize. Long
arguments in this bug are just taking more of our time, and making it take
even longer before we'll be able to get to a deeper solution.

[chro...@googlecode.com]

Comment #133 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Friday August 08 2014, rjvb...@gmail.com wrote regarding "Re: Issue
178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

...

My apologies if that was clearly stated on this thread and I missed it ...
I saw enough discussion of solutions that would me drive away from Chrome
to trigger my learned "react at once or you'll get told you had your
chance" reflex ...

I understand all that ...
The thing is that without further information about that regression, I
cannot help but guess that it's in the code that deals with the Keychain -
and that's almost necessarily a very small part of the whole code base
(probably a single source+header file at most). Which inevitably leads to
the question if it would really be so impossible to fix the regression
(possibly in a different manner that simply prevents the repeated
presentation of the unlock/access dialogs) before October (i.e. in almost 3
months).

I'll just cross my thumbs, and hope someone takes my request at heart to
prevent a switch (in chrome://flags) to revert to the current behaviour.
That'd also help if turns out that indeed you'll be getting many more users
complaining about missing functionality than you had about complaints about
pesky dialogs :)

R

[chro...@googlecode.com]

Comment #134 on issue 178358 by porcus...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Heres a simple question:

Why does Chrome prompt at all when a user has not checked anything
under 'Passwords and Forms' in Settings!??

The purpose of having a Settings panel is to allow users a choice in how an
application functions. Its pointless to have a settings section on
auto-form filling if then Chrome ignores it. Like some others I choose to
not have my browsers manage my passwords and form data, and when I choose
that option in the settings I expect it to be so.

[chro...@googlecode.com]

Comment #136 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Sunday August 10 2014, rjvb...@gmail.com wrote regarding "Re: Issue
178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

Do you use a sync profile? If so, that's not a web form password, and so
Chrome stores your credentials (in other words, you asked for it :) )

[chro...@googlecode.com]

Comment #137 on issue 178358 by matharo...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Please help this is so annoying.. I deletd all the google passwords from
keychain and this popup has not stopped from showing up.. I even
reinstalled chrome and resynced my profile but it doesn't stop...:(

[chro...@googlecode.com]

Comment #139 on issue 178358 by dmckni...@fosforus.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

Thanks for doing this erikc... I wish there was a way to fix this sooner
than October... re-entering the login password constantly (every 15 minutes
for me) is not a good way to make a professional developer enjoy using the
product!

[chro...@googlecode.com]

Comment #140 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
http://code.google.com/p/chromium/issues/detail?id=178358

On Friday August 15 2014, rjvb...@gmail.com wrote regarding "Re: Issue
178358 in chromium: A pop up message "Google Chrome wants to use your

confidential information stored in your keychain. Do you want to allow
access to this item?" appears persistently"

Hear hear ...

[chro...@googlecode.com]

Comment #141 on issue 178358 by dmckni...@fosforus.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently

https://code.google.com/p/chromium/issues/detail?id=178358

Thanks for the help on this erikc.

[chro...@googlecode.com]

Comment #143 on issue 178358 by aja...@earthlink.net: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

Since this GoogleChrome key chain problem has been an issue since the
beginning of 2013 , why has it not been resolved? Does not give me much
faith in GoogleChrome period.

[chro...@googlecode.com]

Comment #144 on issue 178358 by erikc...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

ajaink: Please describe the symptoms of your problem.

What version of Chrome are you running? (Navigate to chrome://version/)

1. Do you see the keychain prompt every time you launch Chrome, or only
sometimes?
2. Does it appear multiple times, or only once?
3. What is the wording of the prompt? Is it asking you to unlock your
keychain, or to grant access to a specific keychain entry?

[chro...@googlecode.com]

Comment #145 on issue 178358 by dmckni...@fosforus.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

ajaink, make sure you are using the latest version...

As I thanked erikc for, this problem was fixed for me well before the
promised M38 update back in September.

[chro...@googlecode.com]

Comment #146 on issue 178358 by sam.stei...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

erikc: Version 39.0.2171.95 (64-bit)
1. every time I start chrome I get the infinite stream of keychain prompts;
the only way out is "force quit".
2. multiple times.
3. "google chrome wants to use your confidential information stored
in "192.168.1.1" in your keychain. Do you want to allow access to this
item?" Buttons: "always allow", "deny", "allow".

[chro...@googlecode.com]

Comment #147 on issue 178358 by erikc...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

Thanks for the info, sam! If you can perform some quick debugging steps, it
will go a long way to helping us find out what's going on.

1. Open Keychain Access application. (Use spotlight to search for 'Keychain
Access')
2. In the search field in the top right, type in 192.168.1.1
3. How many results are there? (I expect there will be exactly 1)
4. Under the "Kind" column, what does it say? Same for the "Keychain"
column?
5. Right click the item, select "Get Info"
6. Under the Access Control Tab, Which radio box is selected? How many
elements are under the section "Always allow access by these
applications:". Does Google Chrome show up multiple times?

[chro...@googlecode.com]

Comment #148 on issue 178358 by sam.stei...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

Yes, just one.
kind="internet password"
keychain="login"
access control: "confirm before allowing access" (but not "ask for keychain
password").
always allow access for this apps: "chromium".

I think I misunderstood your question #2 in comment#144:

> 2. Does it appear multiple times, or only once?

Each host is asked about just once, but there are a gazillion hosts in the
keychain, and chrome would not shut up until it has asked me about each and
every one of them.
I have no idea how those hosts got there; and removing _all_ of them might
help, but I am not sure which can be safely removed and which are needed
by, say, wi-fi.
I guess I can kill them all and them enter the wifi passwords anew, but the
easier solution is to use firefox.
Also, I see no reason for chrome to ask about a host which is not being
accessed at the moment.

[chro...@googlecode.com]

Comment #149 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

There does appear to be something wonky with the way 10.9.x handle keychain
requests. I wrote a keychain "backend" for KDE's Wallet class, and some
applications started requesting permission to use their stored credentials
each time I start them. It's as if the permission is only remembered for
the time the application runs. My code is identical for 10.6 and 10.9, but
on the older OS version I do not get this deviant behaviour.

R.

[chro...@googlecode.com]

Comment #150 on issue 178358 by sam.stei...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

I experience this on 10.10.1 (14B25).

[chro...@googlecode.com]

Comment #153 on issue 178358 by sjcha...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

It's till happening for me (Chrome ver. 40.0.2214.111 (64-bit), Mac OS X
10.10.2). For me, it has nothing to do with accessing a site that requires
login; I get prompted for the same handful of sites every time I start
Chrome.

[chro...@googlecode.com]

Updates:
Status: Assigned

Comment #154 on issue 178358 by erikc...@chromium.org: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #155 on issue 178358 by kamil.fi...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

Still happens (Chrome ver 41.0.2272.104).

I found a workaround for this issue. Signing-out from Google Account or at
least disabling password sync with Google Account prevents Chrome from
accessing all passwords at startup. Hope this information helps with
investigation.

[chro...@googlecode.com]

Comment #156 on issue 178358 by rjvber...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

That would certainly explain why this has never been an issue for me: I'm
not trusting anyone with my passwords!

[chro...@googlecode.com]

Comment #157 on issue 178358 by sargent...@gmail.com: A pop up

message "Google Chrome wants to use your confidential information stored in
your keychain. Do you want to allow access to this item?" appears
persistently
https://code.google.com/p/chromium/issues/detail?id=178358

Google, this is really annoying me. I was happy to finally be using Chrome
again after it was upgraded to 64 bit. The 32-bit version crashed too many
times. But now it seems it is back to Safari and Firefox again. Lose me
once, I may come back. Lose me twice, you'll never see me again.
I am using 10.10.3 on Macbook Pro. Google Chrome Version 42.0.2311.90
(64-bit).