Google released Google Chrome on May 22, 2009. However, as far as we see this latest Beta version still lacks a fundamental feature to protect users from the risks posed by its saved password option.

Password saving is a default setting in Chrome. Chrome users are offered to save their passwords so that they do not have to type the passwords on their subsequent website accesses.


However, Chrome does not provide a security solution for the saved passwords. This means that anyone using the authorized user’s computer is able to view all the passwords saved on it.

Unfortunately, being unaware of this risk, users may let other people use their computers for mail checking or web browsing. Consequently, a bad guy is capable of harvesting all the passwords saved on Chrome within some seconds.



For Google Chrome Team

A master password which is once applied for Firefox 3 is a simple security solution in this case. Bkis recommends Google apply this mechanism to protect their users from password disclosure vulnerability.


Master password on Firefox

For Google Chrome users

Do not save your password on Google Chrome if you often share your computer with other people.

Additional information

Right after Google Chrome’s launch on September, 2009, Bkis discovered a Buffer Overflow Vulnerability in its SaveAs Function, the first Critical Chrome Vulnerability permitting hacker to perform a remote code execution attack and take complete control of the affected system:

By Nguyen Minh Duc / Manager - Application Security Department, Bkis


Leave a Reply

Name (required)
Mail (hidden) (required)
Text to Identify

Popup Date Time Portlet

Blogs Aggregator

Recent Posts

Blog Category Portlet


Store Portlet


Vote Baby Portlet