Google Chrome Security Flaw Exposes Passwords - Is It Good To Know?

Google Chrome isn't as secure as you would think. The recently exposed security flaw in the web browser has given the Google users a lot to talk about. It has come to the notice that anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. Since a user doesn't need a master password to see them, if you someone wants to view sensitive data like company login details, he would be able to do so if someone who used Chrome left their computer unattended with the screen active. In a blog post titled "Chrome’s insane password security strategy" developer Elliott Kember brought this security flaw to light. Indian IT companies are going to be cheering that they still advocate using Internet Explorer at work.

Well jokes apart, seeing these passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites and clicking beside them reveals the plain text of the password, screenshot of which will get you the key to all those personal and professional accounts. Therefore saving your passwords in Google Chrome doesn't look like such a good idea now, does it? Google's Head of Chrome Security, Justin Schuh, took to technology site Y Combinator to explain why Google doesn't require a master password in order to get at those other passwords. "We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."

google-chrome-security-flaw

If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords. If you have recently checked's Google's Good to Know website that keeps providing many password security tips, you would know that it is the safest to have encrypted password managers to save passwords. Now till a security patch comes along, it is best to not save passwords or use 'Remember Me' in your logins to personal accounts, important websites and banking services online. Be aware. Be safe.

Replies

  • Sarathkumar Chandrasekaran
    Sarathkumar Chandrasekaran
    Its an eyeopening news.Google chrome is one of the best browser to give you ease of surfing and if google want to maintain its customer base it should satisfy cusomers questions related to security.I will avooid storing password till the update the issue.
  • Jeffrey Arulraj
    Jeffrey Arulraj
    #-Link-Snipped-#

    I think this has already been covered in this segment

    Hope I am not offending anyone Has that thread been promoted to Voice section
  • Anoop Kumar
    Anoop Kumar
    Well this is Biased
    If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords

    Firefox has master password since 3.6. In other threads I have mentioned that this is one of the feature missing in chrome.

    Now, save password is feature only to use when it's only your machine otherwise you shouldn't use it. Even if IE/Safari gives you password protection you can retrieve it.
    IE PassView - Password Manager Program for Internet Explorer and Microsoft Edge
    #-Link-Snipped-#

    IE is more dangerous as it dosn't have master password to encrypt data. I don't know safari has master password functionality or not.

    It's not easy cake to crack Firefox as you can choose your own master password without which you can't see password. 👍
  • lovebox
    lovebox
    Its much better to store passwords in our own little brain. But if that becomes a little tedious, we can always keep them in an encrypted file.
  • Nayan Goenka
    Nayan Goenka
    I am SHOCKED that you people didn't observe it till now. Seriously, I knew this thing since 10-12 versions back and I thought most of the people would know it already. I abused it many times with my friends' pc. 😛
    (Shush! its a secret )
  • Abhishek Rawal
    Abhishek Rawal
    Justin's comment on this security issue sounds logical/obvious. When you grant someone the access of your user account of OS, he/she can easily steal your details, hence if you wanna be secure & you're very much concerned about security, then simply don't grant anyone access to your account, simple.

    However, in Firefox we have master password & Keys in Linux, hence double protection 😁

    Screenshot from 2013-08-11 12:00:51

    Screenshot from 2013-08-11 12:01:28

You are reading an archived discussion.

Related Posts

Recently, astronomers observed a blue moving planet using Hubble Space Telescope. Now, NASA has discovered a large new planet, colored a deep magenta and just 57 light years from earth....
scp -r testuser@10.0.5.215:/home/testuser/tmp/hello.txt /home/elcot/hello.txtI've used the above command to copy the file located at the server:10.0.5.215, location: /tmp/hello.txt username: testuser to my local machine local-username: elcot.... Could anyone help me...
Blood clots inside brain could be fatal. Whenever a blood vessel bursts, the blood leaks out of the vessel and then forms a clot. In medical terms, it's called intracerebral...
what is the controller is to be used to operate a stepper motor ? ? when the input is a sensor ?
Now a days, most of the government exams are made as online exam. Is it a good scenario for candidate point of view. There is lot of difference between attending...