Press "Enter" to skip to content

Google Chrome flaw exposes user passwords

Recent flaw in Google Chrome let’s any user to see all the stored password directly from Control Panel Settings. Google Chrome flaw exposes user passwords:

 

Chrome’s insane password security strategy

Just type : chrome://settings/passwords on the search bar and hit Enter. You will find a list of sites, id and passwords. the passwords are hidden, but once you click on the show button besides it, surprisingly it shows all your password. I was myself surprised to see that. My friends who know my Win 7 OS Login Password could have easily known my facebook, gmail and lots other important websites details.

Chrome’s insane password security strategy

 

Chrome’s insane password security strategy
Image showing the password after clicking the SHOW button

“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market – the users. The overwhelming majority,” said Elliott Kember, Software developer.

He added,”They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.”

Elliott rightly said in his blog : Chrome’s insane Password security strategy.

[Update] Justin tweeted : If you think saved passwords are safe from someone at your keyboard, then you've proven my point about a false sense of security.
He even argued about the flaw in ycombinator. He said,"I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here. The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater."

How to keep your passwords and ids safe?

  • Don’t click on save password
  • But, what if you have hundreds of id and pass. Simple, don’t share your admin id and pass with anyone else.

For more such updates stay tuned with us.