Your chrome passwords for all to see

gizmoy2k

gizmoy2k

gizmoy2k

Soldato
Joined
3 May 2004
Posts
3,019
Location
Scotland
gizmoy2k said:
http://www.telegraph.co.uk/technology/internet-security/10228714/Google-Chrome-flaw-exposes-user-passwords.html

Simply type chrome://settings/passwords into address bar and you can reveal any passwords, including twitter and facebook.

Quite a gaffe i think, any like minded person could hijack a friends twitter of FB account in seconds

Would think google will sort something out for this quickly but from reading around they see it as more of a feature :confused:
Click to expand...

Well, if you ask it to save your passwords for everything, like any browser, people will be able to hijack your accounts if they have access to your pc.
 
oftware developer Elliott Kember stumbled across the vulnerability when importing his bookmarks from Apple's Safari browser to Google Chrome. He discovered that it was mandatory to import saved passwords from one browser to the other – something he described as 'odd'.
Click to expand...

He's a software developer and it took him this long to figure it out? Wow.
 
Jono8 said:
Well, if you ask it to save your passwords for everything, like any browser, people will be able to hijack your accounts if they have access to your pc.
Click to expand...

Very true but at least that way you don't actually see the password,

I think this exposes a lot more, you could guess other site logins and passwords from the info you see.

Also you could sit on the password for a quite sometime before using it for malicious reasons
 
The passords are similarly revealed if you go into chrome settings and saved passwords. Nothing new. I've been using it to remind me of passwords when I've forgotten for quite a while.

chrome.PNG
 
Last edited:
You could also use the software from nirsoft the reveals all the passwords on windows computers. Hope i didn't break rules by mentioning that, but people need to know it exists to protect themselves against the threat. But if you are on ie 9+ then some passwords are not revealed with nirsoft browser pass anymore. But if you are on older browsers all the passwords are available by using that software.
 
Unless you do something special, like use TrueCrypt, virtually anything that you choose to save on your PC is accessible to someone logged onto your PC as you. Is that not common sense?
 
How the hell is this news? "Web browser settings panel allows access to web browser settings" - really, Sherlock?
 
Nexy said:
Unless you do something special, like use TrueCrypt, virtually anything that you choose to save on your PC is accessible to someone logged onto your PC as you. Is that not common sense?
Click to expand...

If the ask a media outlet, it's elite haxxoring
 
This is not news. Its been a handy feature in Chrome for me for a long time. It isn't even just chrome, you can do it in FF too.

- GP
 
Fact. If you leave your key in the ignition and vacate the car, someone has the ability to turn said key and drive off.

Hyburnate said:
He's a software developer and it took him this long to figure it out? Wow.
Click to expand...

Given the fact that he's only just exporting from Safari now suggests that "software engineer" translates loosely as "user of a computer".
 
Last edited:
AJK said:
How the hell is this news? "Web browser settings panel allows access to web browser settings" - really, Sherlock?
Click to expand...

My thoughts exactly, and browsers storing and displaying passwords is hardly news. :confused: Firefox has done it for years.

This is just more, OMG GOOGLE WANT INTO YOUR BRAIN Fear mongering
 
You must log in or register to reply here.
Back
Top Bottom