Google's popular web browser "Chrome" the backbone of several of its devices including the widely popular Chromecast, apparently has a significant security flaw that leaves users's passwords vulnerable to anyone who can access someone else's Chrome account.
Discovered by software developer Elliott Kember, while transferring his bookmakrs from Apple's Safari browser to Google Chrome, he noticed that Google does not protect passwords from being viewed when a user is logged in and running Chrome. Users can simply go to the advanced settings page and click on the "passwords and forms" option, followed by "Manage saved passwords." From there a list of all passwords that users have saved to Google Chrome can be seen. (Alternatively, users can simply go to chrome://settings/passwords and find the list in their browser).
While the passwords are obscured, they can be revealed in plain text simply by clicking the "show" button next to each one. The worst part is, there is nothing users can do to secure this list. Anyone who gains access to your Google Chrome account has the means to log into every website you've trusted the browser with your password's security.
Justin Schuh, head of Google's Chrome developer team responded to Kember's assessment that this was a major flaw in Google Chrome's security that they don't tell users about, by claiming that he is wrong and that Google would be giving a false sense of security if they changed its model to support a master password.
According to the Telegraph Schuh responded saying "You think your passwords are protected somehow in other applications, but they're simply not. The fact is that they're still trivially recoverable, and if the bad guy can read them at all than he already has access to fully compromise your entire OS user account," he continued. "So you're arguing that we take measures to make users think they're safe when they've already surrendered any pretense of security. Effectively, you're asking that we lull our users into a false sense of security."
It didn't take long before security experts and those in the industry to react against the statement from the company. Many even point out that Firefox, one of the Chrome browser's chief rivals offers a master password system to protect all of its saved content.
The safest way to ensure that your accounts are safe behind password protection is simply to not save any passwords to your browser, especially if your browser of choice is Google Chrome.
