facebook
twitter
rss
account
search
search
 

Problems found with Google Chrome browser's handling of passwords

Aug. 9, 2013 at 5:33 PM   |   Comments

NEW YORK, Aug. 9 (UPI) -- Allowing Google's Chrome browser to save your Facebook or e-mail passwords so you don't have to type them is convenient but could put them at risk, experts say.

The security flaw in the Chrome browser was uncovered by Web designer Elliot Kember when he went to transfer bookmarks from his Safari browser to Chrome on his Apple computer.

In doing so, he discovered importing bookmarks into Chrome automatically defaults to also bringing over your saved password.

A setting option to disable the password import doesn't work on a Mac, he said.

Google has confirmed automatic syncing of passwords from Safari browsers was a bug in the Mac version of Chrome and says it will have a fix soon.

"Thanks to our users, who discovered a bug in Chrome's import interface, which improperly represents how passwords are handled upon import from other browsers," Google said in a statement provided to ABC News. "We developed a fix to better represent how passwords are handled across platforms, which will roll out to all users soon."

However, Kember said, that fix won't solve another problem; if you do import those passwords to Chrome they, and any other passwords you have saved in the browser, are completely unprotected.

Typing chrome://settings/passwords in the Chrome address bar reveals saved passwords and user names for the websites you visit, he said.

"There's no master password, no security, not even a prompt that 'these passwords are visible,'" Kember wrote on his blog, noting anyone with access to your computer could see the saved passwords.

In response, Google Head of Chrome Security Justin Schuh explained Google's choice to not require a master password.

"We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security and encourage risky behavior," Schuh wrote. "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because, in effect, that's really what they get."

Topics: Google
© 2013 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
NASA says they found smallest known galaxy with a black hole NASA says they found smallest known galaxy with a black hole
2
Facebook reportedly creating another photo sharing app Facebook reportedly creating another photo sharing app
3
Study: Chimps are natural born killers Study: Chimps are natural born killers
4
Martian meteorite proof that Mars could host life Martian meteorite proof that Mars could host life
5
Dogs are the favorite food of leopards in rural India Dogs are the favorite food of leopards in rural India
Trending News
Video
x
Feedback