1. Home >
  2. Apps >
  3. Groups >

Google Chrome Security Flaw Exposes Passwords - Is It Good To Know?

Question asked by Ankita Katdare in #Hacking and Security on Aug 9, 2013
Ankita Katdare
Ankita Katdare · Aug 9, 2013
Rank A1 - PRO
Google Chrome isn't as secure as you would think. The recently exposed security flaw in the web browser has given the Google users a lot to talk about. It has come to the notice that anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. Since a user doesn't need a master password to see them, if you someone wants to view sensitive data like company login details, he would be able to do so if someone who used Chrome left their computer unattended with the screen active. In a blog post titled "Chrome’s insane password security strategy" developer Elliott Kember brought this security flaw to light. Indian IT companies are going to be cheering that they still advocate using Internet Explorer at work.

Well jokes apart, seeing these passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites and clicking beside them reveals the plain text of the password, screenshot of which will get you the key to all those personal and professional accounts. Therefore saving your passwords in Google Chrome doesn't look like such a good idea now, does it? Google's Head of Chrome Security, Justin Schuh, took to technology site Y Combinator to explain why Google doesn't require a master password in order to get at those other passwords. "We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."

google-chrome-security-flaw

If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords. If you have recently checked's Google's Good to Know website that keeps providing many password security tips, you would know that it is the safest to have encrypted password managers to save passwords. Now till a security patch comes along, it is best to not save passwords or use 'Remember Me' in your logins to personal accounts, important websites and banking services online. Be aware. Be safe. Posted in: #Hacking and Security
Sarathkumar Chandrasekaran
Rank A2 - PRO
Its an eyeopening news.Google chrome is one of the best browser to give you ease of surfing and if google want to maintain its customer base it should satisfy cusomers questions related to security.I will avooid storing password till the update the issue.
Jeffrey Arulraj
Jeffrey Arulraj · Aug 10, 2013
Rank A2 - PRO
https://www.crazyengineers.com/threa...r-shows-all-your-passwords.69840/#post-289759

I think this has already been covered in this segment

Hope I am not offending anyone Has that thread been promoted to Voice section
Anoop Kumar
Anoop Kumar · Aug 10, 2013
Rank A2 - PRO
Well this is Biased
If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords

Firefox has master password since 3.6. In other threads I have mentioned that this is one of the feature missing in chrome.

Now, save password is feature only to use when it's only your machine otherwise you shouldn't use it. Even if IE/Safari gives you password protection you can retrieve it.
https://www.nirsoft.net/utils/internet_explorer_password.html
https://www.maclife.com/article/howtos/how_recover_passwords_mac_os_x_keychain_access

IE is more dangerous as it dosn't have master password to encrypt data. I don't know safari has master password functionality or not.

It's not easy cake to crack Firefox as you can choose your own master password without which you can't see password. 👍
lovebox
lovebox · Aug 10, 2013
Rank C1 - EXPERT
Its much better to store passwords in our own little brain. But if that becomes a little tedious, we can always keep them in an encrypted file.
Nayan Goenka
Nayan Goenka · Aug 10, 2013
Rank B1 - LEADER
I am SHOCKED that you people didn't observe it till now. Seriously, I knew this thing since 10-12 versions back and I thought most of the people would know it already. I abused it many times with my friends' pc. 😛
(Shush! its a secret )
Abhishek Rawal
Abhishek Rawal · Aug 11, 2013
Rank A2 - PRO
Justin's comment on this security issue sounds logical/obvious. When you grant someone the access of your user account of OS, he/she can easily steal your details, hence if you wanna be secure & you're very much concerned about security, then simply don't grant anyone access to your account, simple.

However, in Firefox we have master password & Keys in Linux, hence double protection 😁

Screenshot from 2013-08-11 12:00:51

Screenshot from 2013-08-11 12:01:28

You must log-in or sign-up to reply to this post.

Click to Log-In or Sign-Up