A flaw has been exposed in Google Chrome that allows anyone with access to a computer to see saved passwords in plain text format.
UK developer Elliott Kember discovered that anyone with access to a computer can view passwords stored for email, social media and other sites by going to the browser’s settings panel; no additional password is required to do so.
“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market – the users. The overwhelming majority,” Kember said on his blog.
“They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay,” Kember added.
Finding the passwords is as easy as going to settings, scrolling down to the bottom, clicking on “Show advanced settings…” and under “Passwords and forms” choosing “Manage saved passwords”. If the user has chosen to save passwords in Google Chrome, an extensive list of them will show up and clicking on each one will give the option to “Show” the password in plain text.
Google Chrome security engineer Justin Schuh responded to the news story on HackerNews and stated there are no plans to change the settings panel.
“I appreciate how this appears to a novice, but we've literally spent years evaluating it and have quite a bit of data to inform our position. And while you're certainly well intentioned, what you're proposing is that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behaviour. That's just not how we approach security on Chrome,” Schuh wrote.
Sir Tim Berners-Lee, the inventor of the Internet, is among those who have taken Schuh to task: he tweeted that the Google response was “disappointing” and dubbed the flaw “how to get all your big sister’s passwords”.
Google Chrome is one of the three largest web browsers and is third behind Microsoft Internet Explorer and Mozilla Firefox when it comes to unique users. It does, however, lead the way in other research that uses page views to measure market share.