Results 1 to 6 of 6

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Chrome's Browser Password Storage Policy Under Fire

  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    4,250
    Thanks
    3
    Thanked 140 Times in 125 Posts

    Default Chrome's Browser Password Storage Policy Under Fire


    Google seems to be drawing criticism from several security commentators and tech media observers for what is supposedly a flaw in its Chrome browser. The flaw supposed allows anyone with access to a user’s computer to see all of the user’s passwords. Provided that an individual has access to a user’s device and is already past the operating system’s account password, one can directly view all of the passwords stored for email, social media, and other sites by simply navigating to Chrome’s settings panel.

    This specific flaw in the browser’s structure was pointed out by software developer Elliot Kember, who discovered it when importing his bookmarks from Apple’s Safari browser. The Chrome settings panel has a Saved passwords section that display the site name, the username and the password for any site where a user has saved the information. Passwords are initially hidden but by simply selecting the site’s row, a user can make a button appear to show the password for a site. Chrome requires no additional password entry to show site passwords either. To be quite fair here, Mozilla’s Firefox browser operates in the same way, giving the user a dialog box that asks “”Are you sure you want to show your passwords?” without asking for further verification.

    On the other hand, Apple’s Safari browser pops up a dialog requiring that a user enter the password for the currently logged in ID on that computer. Without this password, Safari won’t show the password to others. According to Kember, the issue represents a flaw in Chrome’s password storage and therefore in the browser’s security. In a response to the controversy, the tech lead for Chrome’s browser security team said that they found the “boundaries within the OS user account [to protect passwords even when a user is logged in] just aren’t reliable, and are mostly just theater.” The “vulnerability” does require that a snooping user already be logged into another user’s account on a machine. The Chrome team is aware of the password opening and despite the controversy will not adjust this specific aspect of security.

    Source: Elliot Kember (blog)

    Twitter: @AkshayMasand

  2. #2
    as a network administrator, I find this vulnerability offensive!

    you should know better than that Google!

  3. #3
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,011
    Thanks
    116
    Thanked 128 Times in 98 Posts

    No device is secure if the user has access to the machine. Admin passwords can be changed easily with the command prompt or terminal.
    Last edited by slim.jim; 08-08-2013 at 12:34 AM.

  4. #4
    If you already have access to the PC then its not a vulnerability as you already have full access so who cares.
    I really like this newly found feature. I use multiple browsers so if I forget a password I now know where to look to see what it is.

  5. #5
    As they mentioned Firefox does the same thing and i always just lock my MacBook anyway and never liked Chrome cause you can't change the cache size. I know a lame excuse but I've seen so much drive activity from using chrome i had to get rid of it.

  6. #6
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,011
    Thanks
    116
    Thanked 128 Times in 98 Posts

    Quote Originally Posted by LrdBane View Post
    As they mentioned Firefox does the same thing and i always just lock my MacBook anyway and never liked Chrome cause you can't change the cache size. I know a lame excuse but I've seen so much drive activity from using chrome i had to get rid of it.
    I ditched Firefox because with a few pinned tabs (4) it was taking over a minute to load them before I could do anything. Chrome starts up in a few seconds with the same tabs pinned.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •