Channel: 0x191 Unauthorized

Uncover (very) sensitive info from Google Chrome

In this post I am going to show how we can uncover very sensitive info from Chrome thumbnails in three easy steps. This post could also be titled "what a bad user can see whenever he/she has physical access to your box".

Google Chrome takes screenshots of the sites we have visited in order to offer them for quick and easy access on the new tab page (image 1).

Image 1: Oops, there is an e-banking thumbnail here!

In the above picture we can see that the 4th thumbnail is a screenshot of a logged-in e-bank account. Also, note that this user has already logged out of the bank account, but Chrome still keeps the screenshot taken while the user was logged in!

The question now is how (and if) it is possible to enlarge this specific thumbnail to a more readable size. The answer is "Yes we can"; just pay attention to the following two images. First (image 2), we delete all the thumbnails we are not interested in (using the default Chrome browser developer tools, aka F12) in order to relocate our target thumbnail to the upper left corner.

Image 2: remove the thumbnails we are not interested in

Then, we can just change the main IDs of the Class tags to a non-existent name in order to make the thumbnail change to its original size (image 3)...

Image 3: Just change some div IDs... and voila!

Note that the above info is just an example. Chrome will take screenshots at any time, of any site, without asking for your permission, regardless of whether you are logged in or not! Thus, e-banking images, emails, blogs, personal and private sites can be exposed randomly!

I consider this a violation of the first factor of the Security Triad: Confidentiality! The above issue has been referred to the Chrome Bugs Matrix, reference here (currently Unconfirmed).

