Google’s Chrome browser and operating system may be revealing your secret passwords to everyone from coworkers to absolute strangers.
One of the most popular features of Chrome is its ability to store passwords. That way they pop up automatically when you go to a function like email or Facebook. Elliot Kember, a software developer, discovered that anybody who clicks on the Chrome settings icon can see all of the passwords on that computer if he or she goes to the show advanced settings and passwords and forms sections.
The passwords are obscured, but clicking next to them causes them to appear in plain text. The text can be easily copied and emailed or seen by anybody that uses the computer. That means it would be easy for a hacker or malicious stranger that opened a computer with Chrome on it to see all of your passwords.
What’s really disturbing is that the head of Chrome development at Google, Justin Schuh, told The Guardian that he knows all about the flaw. Worse, Schuh said that there are no plans to correct it. In a piece he wrote on the website ‘Hacker News’, Schuh explained:
One has to wonder why this flaw has not been fixed. It would certainly make a hacker’s job easier, let alone the job of the NSA or spy agency. If the source computer used Chrome, all the hacker would have to do is go to the settings icon to get the user’s email passwords. One security expert told The Guardian:“…we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything.”
It has been revealed that large Internet companies such as Google and Microsoft have worked closely with the National Security Agency. There is even evidence that Skype (now part of Microsoft) helped the NSA get easy access to customer data. Therefore we need to ask, is this flaw actually helping these companies access your data even easier than before?“The fact you can view the passwords means they are stored in reversible form which means that the dark coders out there will be writing a Trojan to steal that password store as we speak.”
The surveillance state might be making it easier than ever for hackers to steal our personal information. The quest for national security appears to be endangering the security of the private individual.
Check out some examples
Installation-ID
A copy of Google Chrome includes a generated installation number which will be sent to Google after the installation and the first usage. It gets deleted when Chrome checks first time for updates.If Chrome is received as part of a promotional campaign, it may generate a unique promotion number which is sent to Google on the first run and first use of Google Chrome.
Suggest
Depending on the configuration, each time you put something in the address line,this information is sent to Google to provide suggestions.
Alternate Error Pages
Depending on the configuration, if you have typed a false address in the adress bar, this is sent to Google and you get an error message from Google's servers.
Error Reporting
Depending on the configuration, details about crashes or failures are sent Google's servers.
RLZ-Tracking
This Chrome-function transmits information in encoded form to Google, for example, when and where Chrome has been downloaded.
Google Updater
Chrome installs a updater, which loads at every Windows in background.
URL-Tracker
Calls depending on the configuration five seconds after launch the Google homepage opens in background