Current category:General

Google Chrome security hole

chrome logo crossedA scorned girlfriend, a visit from a friend of a friend or intruders are all people you probably don’t want snooping around your personal things right?

You probably don’t want to hand them the keys to all your personal passwords? Well unfortunately most who use Google Chrome’s browser are without their knowledge giving people with bad intentions the possibility to get their hands on those passwords.

Since 2008 it has been possible to simply look up all your stored passwords in your Chrome browser.

Granted most of us save our login for easy access to Facebook or Gmail but these passwords are of course encrypted with little stars *********.

This standard form of encryption is just not something Chrome enforces that well in its settings. If you go to your settings in Chrome:

 Chrome Settings

And go to advanced settings you will be able to view your saved passwords:

Chrome Advanced Settings

Click “Manage Saved Passwords” and here it is possible to reveal the entire password by just clicking the “Show” button:

Chrome passwords

But you agreed to this when you signed up for Chrome right? No! They don’t even supply a prompt telling you that “passwords will be visible”. So now that Google are aware of this exists they will of course fix this as soon as possible? No! Justin Schuh who is the Chrome Browser Security Tech Lead says the following:

We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that’s really what they get.”

A feeble attempt to explain why they intentionally and easily makes it available to anyone who goes to your computer. This response has of course evoked a lot of anger and many have abandoned Chrome due to this. What can I as a Chrome user do?

1. Erase all saved passwords in the browser and disable “Offer to save passwords I enter on the web

Yes it’s really that simple. Now go warn your friends not to use this feature any more.

GD Star Rating
Google Chrome security hole, 5.0 out of 5 based on 2 ratings

About Philip Mahler

VP of Marketing at SPAMfighter. Find me on Google+, Twitter or LinkedIn
This entry was posted in General. Bookmark the permalink.

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *