Google Chrome Security Flaw Exposes Passwords - Is It Good To Know?
Google Chrome isn't as secure as you would think. The recently exposed security flaw in the web browser has given the Google users a lot to talk about. It has come to the notice that anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. Since a user doesn't need a master password to see them, if you someone wants to view sensitive data like company login details, he would be able to do so if someone who used Chrome left their computer unattended with the screen active. In a blog post titled "Chrome’s insane password security strategy" developer Elliott Kember brought this security flaw to light. Indian IT companies are going to be cheering that they still advocate using Internet Explorer at work.
Well jokes apart, seeing these passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites and clicking beside them reveals the plain text of the password, screenshot of which will get you the key to all those personal and professional accounts. Therefore saving your passwords in Google Chrome doesn't look like such a good idea now, does it? Google's Head of Chrome Security, Justin Schuh, took to technology site Y Combinator to explain why Google doesn't require a master password in order to get at those other passwords. "We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."
If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords. If you have recently checked's Google's Good to Know website that keeps providing many password security tips, you would know that it is the safest to have encrypted password managers to save passwords. Now till a security patch comes along, it is best to not save passwords or use 'Remember Me' in your logins to personal accounts, important websites and banking services online. Be aware. Be safe.
Well jokes apart, seeing these passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites and clicking beside them reveals the plain text of the password, screenshot of which will get you the key to all those personal and professional accounts. Therefore saving your passwords in Google Chrome doesn't look like such a good idea now, does it? Google's Head of Chrome Security, Justin Schuh, took to technology site Y Combinator to explain why Google doesn't require a master password in order to get at those other passwords. "We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."
If you compare this system with Apple's Safari or Microsoft's Internet Explorer, they require you type in the system password to view those passwords. If you have recently checked's Google's Good to Know website that keeps providing many password security tips, you would know that it is the safest to have encrypted password managers to save passwords. Now till a security patch comes along, it is best to not save passwords or use 'Remember Me' in your logins to personal accounts, important websites and banking services online. Be aware. Be safe.
0
