Google Chrome security flaw exposes your saved passwords

By John Simon Ritchie, Aug 9, 2013, in Technology
A Google Chrome flaw found by software designer Elliot Kember allows anyone with access to your computer to find out all of your saved passwords with very little effort.
Kember found the flaw while importing his bookmarks from Safari to Google Chrome, the most widely-used web browser in the world, when he discovered that his previously saved passwords had been imported along with his bookmarks.
Kember looked into this further and found that Google Chrome fails to protect passwords if you're logged into your computer and running Chrome. This means that anybody with access to your computer can view all of your stored passwords, simply by going into the advanced settings page, selecting the "Passwords and forms" option, and clicking "Manage saved passwords," where a full list of your passwords appears as obscured text. Just by clicking the "Show" button, however, you can view all of your passwords in plain text.
On his website, Elliot Kember shows how easy it is to obtain a stored password.
Justin Schuh, who works on Google Chrome's security, responded, "You think your passwords are protected somehow in other applications, but they’re simply not... So, you’re arguing that we take measures to make users think they’re safe when they’ve already surrendered any pretense of security. Effectively, you’re asking that we lull our users into a false sense of security."
Many have since criticized both Schuh's response and Chrome's lack of security, with even Tim Berners-Lee, British computer scientist and inventor of the World Wide Web, tweeting that the response from the Chrome team was "disappointing."
Kember has said on his personal blog, "They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay."
Mozilla's Firefox, an alternative and rival to Google Chrome, has avoided this issue with the use of a master password, a password that one must enter before being able to view all stored passwords. This leaves Google with the choice to either follow its competitors and offer similar options, or to recognize that users may decide to start looking elsewhere for their web browser.
