Aren’t modern browsers great? They have loads of great features, like remembering your passwords and auto-filling them in for you whenever needed. But what if those stored passwords were easily discoverable by anyone with access to your computer?
That’s the situation with Google Chrome. Going through the Settings UI to password management lets you view every saved password in plain text with just a single click. No hacking needed! Of course, in order to do this, the intruder would need physical access to your logged-in machine, but that’s not exactly uncommon in communal environments such as your home or work.
Needless to say, the Twitterati are up in arms, with everyone asking Google why there isn’t an extra layer of security to stop this trivial exploit. Justin Schuh, Chrome’s Head of Security, has responded in a post on Y Combinator. Schuh basically says that an extra layer would create a false sense of security, since once someone has access to your logged-in system the game is already lost. While this would be the case if your system were accessed by Kevin Mitnick, I’m pretty confident that even rudimentary measures would be enough to put off the people most likely to actually have access to your logged-in hardware (friends, family and colleagues).
From that perspective, it’s a bit of a disappointing response. In the meantime, we’d advise all you Chrome users to keep your unattended computers locked and use Google’s (awesome) two-factor authentication to stay secure. Or you could just switch to another browser.
On reading that on the internet yesterday and checking my PC I immediately uninstalled Chrome from the PC. Unfortunately I can’t uninstall it from my phone (Galaxy S3).
Switch to another browser? Firefox is exactly the same! This has been blown out of proportion, I am with Google on this one.