Plain text logon details for email, social networks and company systems stored in browser's Settings panel.
A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.
Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.
Seeing the passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings…" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites - but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.
But the head of Google's Chrome developer team, Justin Schuh, said he was aware of the weakness and that there were no plans to change the system.
That response was described by Sir Tim Berners-Lee, the British inventor of the web, as "disappointing". He characterised the flaw as "how to get all your big sister's passwords".
Chrome is one of the three most widely-used browsers on desktops worldwide, along with Microsoft's Internet Explorer and Mozilla's Firefox. It has millions of users and is seen by some as crucial to Google's future efforts to monetise web use, by tying users to Google accounts and synchronising between their desktop and mobile systems.
Elliott Kember, a UK-based software developer from New Zealand who discovered the flaw, commented: "In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It's the mass market - the users. The overwhelming majority. They don't know it works like this. They don't expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay."
Source: https://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw
www.onlinerealityshow.com domain is for sale. If you are interested in buying, please contact us!
HUD display and navigation.
Tags
Google Chrome security flaw offers unrestricted password access
07/08/2013 17:04