What do you think? Is this really an issue that needs fixing?Whenever someone reports a vulnerability that requires local access to a system, a discussion erupts about whether that is really a vulnerability that needs fixing.
One side argues that it is, considering that there are numerous ways that someone could gain local access to a device. The other side argues that it is not, as an attacker can do anything on the machine anyway with local access (at the user's level).
A issue in Chrome was revealed recently by Lior Margalit on Medium that allows anyone with local access to a system running Chrome to steal saved data from the user account.
A prerequisite to that is that the actual user needs to be signed in to a Google account. If that is the case, an attacker can use the method to steal any sync data from the account including passwords, form field data, bookmarks, or the browsing history.