Google released Google Chrome 2.0.172.30 on May 22, 2009. However, as far as we can see, this latest Beta version still lacks a fundamental feature to protect users from the risks posed by its saved password option.

Password saving is a default setting in Chrome. Chrome offers to save users' passwords so that they do not have to type them again on subsequent visits to a website.

However, Chrome does not provide a security solution for the saved passwords. This means that anyone using the authorized user’s computer is able to view all the passwords saved on it.

Unfortunately, users who are unaware of this risk may let other people use their computers to check mail or browse the web. Consequently, a bad guy can harvest all the passwords saved in Chrome within seconds.

Recommendations:

For Google Chrome Team

A master password, as applied in Firefox 3, is a simple security solution in this case. Bkis recommends that Google apply this mechanism to protect its users from this password disclosure vulnerability.

Master password on Firefox

For Google Chrome users

Do not save your passwords in Google Chrome if you often share your computer with other people.

Additional information

Right after Google Chrome's launch in September, 2009, Bkis discovered a buffer overflow vulnerability in its SaveAs function, the first critical Chrome vulnerability, which permits a hacker to perform a remote code execution attack and take complete control of the affected system: http://blog.bkis.com/?p=119

By Nguyen Minh Duc / Manager - Application Security Department, Bkis

 
