Keyboard input data is stored in the Chrome memory dump.


Kyoung-Hun Lee

Mar 6, 2021, 4:57:57 PM
to Chromium-discuss
Hi, all.

I checked a memory dump to see whether Chrome's memory contained sensitive information.
As a result of the check, I found that keyboard input data was stored in memory as-is. It is not a problem with the service provider's application (web); it is a problem with Chrome itself.

Even when the keyboard input was entered in an empty area, not in an input field, the entered data was stored in memory.
And it stayed in memory until the next input.

The pictures below show the result of a test in which I typed on the keyboard after clicking on an empty area, not the search field.
First I entered "asdfg" and then "qwertyui".
[Screenshot 2021-03-05 5.53.53 PM.png]
[Screenshot 2021-03-05 5.54.23 PM.png]

We have confirmed that the issue has already been discussed.

But in my opinion, keyboard input staying in memory is a vulnerability.

In general, people rarely use the keyboard after logging in to read mail, check calendars, or monitor the system.
Also, users think that it is safe once they have logged out.
Therefore, the attack scenario shown below can be constructed.
1. The user logs in and reads the mail.
2. The user, having read all the mail, logs out.
3. The user walks away without closing Chrome. (The PC remains logged on.)
4. The attacker takes a Chrome memory dump on the user's PC.
5. The attacker infers the user ID and retrieves the keyboard input data. (If the computer can be accessed, the user's ID can easily be known.)
6. The attacker can check the user's ID and password.

Of course, the above scenario does not involve only one vulnerability, and it includes the user's fault (the act of leaving the PC logged on).
Others think that this is the same as writing down the ID and password on a Post-it. However, in my opinion, writing down the ID and password on a Post-it (case a) and keyboard input staying in memory (case b) are different.

First, in case a, the user is leading the situation and is aware of the problem. The user can also be aware of possible problems.
But in case b, the user is not leading the situation and is not aware of the problem.
The user cannot recognize that a problem can occur from the related vulnerability.

That's all for posing the issue.

Finally, it is questionable why keyboard input data is stored in memory,
and I am wondering if there is any way to force that data to be erased or overwritten.

Best regards.
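The check described in the post above (dump Chrome's memory, look for what was typed) comes down to carving printable strings out of a raw byte image and then using a known user ID as an anchor for what lies nearby, which is step 5 of the scenario. The script below is an added example, not code from the original post or from Chromium. It assumes that text may sit in the dump either as 8-bit (Latin-1) or as UTF-16LE, so it carves both; the dump bytes it analyses are constructed inline for the demo (no real capture is taken, and no dump tool is run), and the user ID "alice@example.com" and the `window` size are illustrative choices.

```python
"""Carve candidate keyboard input out of a raw process-memory dump.

Added example: not code from the original post or from Chromium.
The dump analysed here is constructed in build_sample_dump(); a real
dump would come from a memory-dump tool, which this script does not run.
Assumption: text may be held as Latin-1 bytes or as UTF-16LE, so both
encodings are carved.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

MIN_LEN = 4  # shortest printable run worth reporting; shorter runs are noise


@dataclass(frozen=True)
class Hit:
    offset: int    # byte offset of the run inside the dump
    encoding: str  # "latin-1" or "utf-16le"
    text: str


def carve_strings(dump: bytes, min_len: int = MIN_LEN) -> list[Hit]:
    """Return every printable run of at least min_len characters, in offset order."""
    hits: list[Hit] = []
    # 8-bit text: a run of printable ASCII bytes.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, dump):
        hits.append(Hit(m.start(), "latin-1", m.group().decode("latin-1")))
    # UTF-16LE text: each printable ASCII byte is followed by a zero byte.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, dump):
        hits.append(Hit(m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(hits, key=lambda h: h.offset)


def find_input_near(hits: list[Hit], user_id: str, window: int = 256) -> list[Hit]:
    """Strings that follow an occurrence of user_id within `window` bytes.

    This mirrors step 5 of the scenario: an attacker who already knows the
    user ID uses it as an anchor and reads whatever was typed around it.
    """
    anchors = [h for h in hits if h.text == user_id]
    found: list[Hit] = []
    for a in anchors:
        for h in hits:
            if a.offset < h.offset <= a.offset + window and h.text != user_id:
                found.append(h)
    return found


def build_sample_dump() -> bytes:
    """Constructed stand-in for a Chrome memory dump (not a real capture)."""
    # Non-printable noise standing in for pointers, lengths and heap metadata.
    filler = bytes(range(0, 32)) * 4 + b"\x80\xff\x00\x00" * 8
    pieces = [
        filler,
        b"Content-Type: text/html".ljust(32, b"\x00"),  # ordinary page data
        filler,
        "alice@example.com".encode("utf-16-le"),         # the (assumed) user ID
        b"\x00" * 6,
        "qwertyui".encode("utf-16-le"),                  # most recent typed text
        b"\x00" * 10,
        filler,
        b"asdfg\x00\x00\x00",                            # older 8-bit buffer, not yet reused
        filler,
    ]
    return b"".join(pieces)


if __name__ == "__main__":
    dump = build_sample_dump()
    hits = carve_strings(dump)
    for h in hits:
        print(f"{h.offset:#08x} {h.encoding:8} {h.text!r}")
    print("near user id:", [h.text for h in find_input_near(hits, "alice@example.com")])
```

Run against a real dump, the same two functions would be pointed at the file's bytes instead of `build_sample_dump()`; the point of the example is that no parsing of Chrome's heap layout is needed to recover recently typed text, only a string carve and an anchor the attacker already knows.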

K. Moon

Mar 8, 2021, 2:55:04 PM
to ksd...@gmail.com, Chromium-discuss

--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

Kyoung-Hun Lee

Mar 8, 2021, 11:40:50 PM
to Chromium-discuss, km...@chromium.org, Chromium-discuss, Kyoung-Hun Lee
Thanks for the reply.

I have read the answers that you sent me.
However, even without high-level techniques such as DLL modulation, it is possible to simply attack the problem.

The same problem occurs in secret mode.

On Tuesday, March 9, 2021 at 4:55:04 AM UTC+9, km...@chromium.org wrote:

K. Moon

Mar 9, 2021, 11:22:00 AM
to Kyoung-Hun Lee, Chromium-discuss
The key point in the FAQ is that local attacks are not part of Chrome's threat model. Chrome does not try to be resilient to someone with local access to a memory dump.