facebook
twitter
rss
account
search
search
 

Problems found with Google Chrome browser's handling of passwords

Aug. 9, 2013 at 5:33 PM   |   Comments

NEW YORK, Aug. 9 (UPI) -- Allowing Google's Chrome browser to save your Facebook or e-mail passwords so you don't have to type them is convenient but could put them at risk, experts say.

The security flaw in the Chrome browser was uncovered by Web designer Elliot Kember when he went to transfer bookmarks from his Safari browser to Chrome on his Apple computer.

In doing so, he discovered importing bookmarks into Chrome automatically defaults to also bringing over your saved password.

A setting option to disable the password import doesn't work on a Mac, he said.

Google has confirmed automatic syncing of passwords from Safari browsers was a bug in the Mac version of Chrome and says it will have a fix soon.

"Thanks to our users, who discovered a bug in Chrome's import interface, which improperly represents how passwords are handled upon import from other browsers," Google said in a statement provided to ABC News. "We developed a fix to better represent how passwords are handled across platforms, which will roll out to all users soon."

However, Kember said, that fix won't solve another problem; if you do import those passwords to Chrome they, and any other passwords you have saved in the browser, are completely unprotected.

Typing chrome://settings/passwords in the Chrome address bar reveals saved passwords and user names for the websites you visit, he said.

"There's no master password, no security, not even a prompt that 'these passwords are visible,'" Kember wrote on his blog, noting anyone with access to your computer could see the saved passwords.

In response, Google Head of Chrome Security Justin Schuh explained Google's choice to not require a master password.

"We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."

Topics: Google
© 2013 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
Massive sunspot sending violent flares toward Earth Massive sunspot sending violent flares toward Earth
2
Google exec breaks skydive record with dive from near-space Google exec breaks skydive record with dive from near-space
3
Powerful new microscope sees cell division in real time Powerful new microscope sees cell division in real time
4
Stone tools reveal Ice Age settlement in the Andes Stone tools reveal Ice Age settlement in the Andes
5
Coal-rich Poland wants concessions in EU climate deal Coal-rich Poland wants concessions in EU climate deal
Trending News
Around the Web
x
Feedback