A security bug has been discovered in Google Chrome browser that allows the software to automatically display users’ saved passwords while importing bookmarks from other browser.
According to ABC News, the web designer, Elliott Kember discovered the flaw while importing his bookmarks from Safari browser to Chrome and found that while there is a check mark to disable the password import it can’t be unchecked on an Apple Mac device.
Google said that it would release the patch soon to users to better represent how passwords are handled across all platforms including syncing of passwords from Safari to Mac version of Chrome.
However, there is another bug in the browser found by Kember which states that if one imports those passwords to Chrome all the saved passwords are completely unprotected. By typing in
chrome://settings/passwords in Chrome address bar one can see the saved passwords and usernames for the websites visited.
Kember said that there is no master password or security, not even a prompt that ‘these passwords are visible’ allowing anyone sharing a computer able to see the saved passwords.
McAfee security expert Robert Siciliano said that the public should not be using their browser to manage their passwords and password managers have now evolved to a point where they have military grade encryption and they work across browsers, across devices and store the data locally and in the Cloud.
Siciliano further recommended users to go for two-factor authentication for e-mail and other important accounts, which requires users to confirm their identity with two pieces of log-in information and to make all passwords strong with a mix of upper- and lowercase letters and numbers, the report added.
Receive new posts on Time to Hack via email
Get the latest posts delivered right to your inbox