Above, you can see a screenshot of my Chromium browser, open in my Lubuntu GNU/Linux installation. I have two passwords displayed, and clicking on SHOW will actually show me the top secret password I spent time constructing for my various web services.
There’s no master password, no security, not even a prompt that “these passwords are visible”. Visit chrome://settings/passwords in Chrome if you don’t believe me.and, this is highlighted in a follow-up blog post:
Just recently, software developer Elliot Kember discovered an “insane” security flaw in the Google Chrome web browser, which eventually began to stir up panic and debate all over the Internet. Kember revealed this via a blog post. He showed that Chrome’s setting panel has a password page that enables users to show the saved passwords in text format. You can see this yourself by going over to chrome://settings/passwords . Later on it was discovered that Firefox follows this same method to store passwords as well.Uninstalling Chrome, Chromium and Firefox (this also works on there) really isn't much of an option, is it? The question is, would this situation be any better on the other browsers available?
- Check out to see what your vulnerabilities are:
- Avoid saving passwords in the cloud, in your browser.
- Clean out your history, passwords, etc. Type the following command:
"Pshaw," I can hear it now, "I don't do anything top secret."
Check out Miguel's Workshop Materials online at http://mglearns.wikispaces.com
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure