Status: Unconfirmed Owner: tha...@chromium.org CC: hb...@chromium.org, su...@chromium.org, a...@chromium.org, jer...@chromium.org Labels: OS-Mac Area-BrowserUI Pri-2 Type-Bug Security
New issue 23219 by su...@chromium.org: IME should be disabled in password box. http://code.google.com/p/chromium/issues/detail?id=23219 Chrome Version : 4.0.219.3.0(27326) URLs (if applicable) : any webpage with a password box OS version : 10.5.8 Behavior in Safari 3.x/4.x (if applicable): Correct Behavior in Firefox 3.x (if applicable): Correct Behavior in Chrome for Windows: Correct What steps will reproduce the problem? 1. Open a webpage with a password box (eg. gmail.com's login page) 2. Try to enable IME and input something with IME in the password box. 3. What is the expected result? IME should not be enabled and used in a password box. What happens instead? IME can be enabled and can input text in a password box. Allowing IME in a password box should be considered as a serious security issue. Think about if an IME records all input of a user and sends them to a remote server, the user's password can easily be stolen in this way. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---