(Ping! Zine Web Tech Magazine) – Google Chrome has an “insane password security strategy,” according to software developer Elliott Kember who recently stumbled upon a key vulnerability on the popular web browser.
The issue was discovered when Kember sought to use Chrome’s “Import bookmarks now” feature in an attempt to transfer his bookmarks from Apple web browser Safari.
However, the software developer then noticed it was mandatory that he also import “saved passwords.”
It was then that Kember discovered a “saved passwords” setting page where the user is able to actually view all their saved passwords.
So why is the issue alarming? Simply get on someone else’s computer (like a friend) and you could easily obtain access to all their online accounts by stealing their passwords.
And while developers may safeguard against such issues by using something like 1Pass, Kember points out most people actually aren’t developers. “In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market – the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay,” Kember states via his blog.
Google Chrome has been gaining in popularity since its initial release in September of 2008.