It recently emerged that a serious vulnerability in Google’s Chrome browser allows anyone with access to someone’s machine to obtain all the passwords stored for email, social media and other websites, right from the settings panel. The intruder doesn’t need any password to view the data.

Aside from personal accounts, sensitive corporate login details would also be compromised if an employee using Chrome leaves their PC unattended with the screen active. Security experts found that you can see the passwords by simply clicking on the Settings icon and choosing “Show advanced settings” and then “Manage saved passwords” in the “Passwords and forms” tab. This shows a list of obscured passwords for websites, and clicking beside any of them reveals the password in plain text.

In the meantime, the head of the Chrome developer team admitted they were aware of the flaw but had no plans to change the system. At the moment, Google Chrome is one of the 3 most popular browsers on desktops, the other two being Microsoft’s IE and Mozilla’s Firefox. The browser has millions of users and is regarded by some as essential to the company’s future efforts to monetize web use, by tying users to their Google accounts and synchronizing between their desktop and mobile systems.

The software developer who revealed the vulnerability pointed out that Chrome’s audience is mainly inexperienced users who don’t realize it works like that and don’t expect their passwords to be so easy to steal. Security experts point out that other browsers have previously had similar problems with password visibility – and closed them. Three years ago, Firefox was revealed to use the same “plain text” storage that Google’s browser is being criticized for, and ended up adding a master password option. As for IE, some of its versions also had the same failings. Finally, Safari requires the user to provide a master password before revealing stored passwords.

Google developers claimed that they don’t support a master password because they don’t want to give users a false sense of security or encourage risky behavior. Internet users should understand that when they grant someone access to their OS user account, that person can get at everything.