Google Chrome has a potentially serious flaw.

By on October 14, 2013 9:10:46 AM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2155

 

I’m not referring to skinning. Don’t get me wrong, it’s a good browser, and a fast one.

The flaw is a serious one, though. While logon data (password and username) were stored in plaintext without any sort of protection, the use of a master password could have prevented possible breaches…but that could open the user’s computer to other attacks as well.

Now, another flaw has come to light. Identity Finder has found this:

“Last week, Identity Finder security researchers performed in-depth scans on several employee computers using the latest version of Sensitive Data Manager (SDM). During the scan, SDM pinpointed several Chrome SQLite and protocol buffers storing a range of information including names, email addresses, mailing addresses, phone numbers, bank account numbers, social security numbers and credit card numbers.  SDM found similar data among all employees who consistently use Chrome as their primary browser…. Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware. There are dozens of well-known exploits to access payload data and locally stored files.” – Identity Finder

So, how to protect yourself if you use Chrome (besides another browser, which that firm hasn’t yet tested)?

“Anytime you enter a credit card number or other [personal information] into a form, be sure to “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history” from the past hour and the information you typed will be erased. Alternatively, disabling Autofill or using Incognito mode will protect form data.” – ibid

The mechanics:

“After opening Chrome, click “Customize and control Google Chrome”, then Settings, then scroll down to “Show advanced settings” then click “Clear browsing data…”. Once the Clear browsing data dialog popup appears, enable the checkmark for “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history”. Configure the time setting to include when you typed sensitive data such as “the past hour” [or “since the beginning of time”] then click the button on bottom right: “Clear browsing data”. Then, restart Google Chrome.” – ibid

You’ll have to do that after each session.

Sources:

http://www.ghacks.net/2013/10/12/google-chrome-saves-sensitive-data-entered-https-websites-plaintext/?_m=3n%2e0038%2e1033%2ehj0ao01hy5%2e12ca

http://www.identityfinder.com/blog/

27 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 9:34:22 AM from Stardock Forums Stardock Forums

which is too much for every session, there must be an extension to do this for you? ... considering that Opera uses Chrome code now, it might pay for anyone with Opera to look into if their browser is doing the same thing.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 10:24:26 AM from WinCustomize Forums WinCustomize Forums

Indeed...

The best I've seen is "Click & Clean", but you'll still have to open it (right side of your browser bar and click on the 'Options', and do it at the end of each browser session, as far as I can see.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 10:53:06 AM from WinCustomize Forums WinCustomize Forums

I don't rely on the browser to Auto-Fill forms. Never have.

I use Roboform for that and have done so for at least 10 years.

 

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
October 14, 2013 11:00:18 AM from WinCustomize Forums WinCustomize Forums

I clean up Chrome daily. Pain in the butt logging in on certain sites but I can live with that. As for auto-fill, its disabled as I never use it. 

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 2:56:31 PM from WinCustomize Forums WinCustomize Forums

Quoting Phoon,

I don't rely on the browser to Auto-Fill forms. Never have.

I use Roboform for that and have done so for at least 10 years.

 


Isnt roboform just a addon ? if so the data will be still saved in the chrome cache...
I thank you DOC for pointing this out 
Just to say that the solution of click and clean is ok but should not be needed on a browser that is used by the majority.
On my Home computer i run TU its set to clean browser history cache and cookies daily when going idle.
But this topic reminds me that i have to find a new browser one that isnt a target for exploits

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 3:02:30 PM from WinCustomize Forums WinCustomize Forums

Quoting Roloccolor,
But this topic reminds me that i have to find a new browser one that isnt a target for exploits

Good luck, if you find one and other people find it no doubt it will become popular and then you can guess what will happen.  

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 3:26:02 PM from WinCustomize Forums WinCustomize Forums

true but first it needs to get popular... but i doubt i will find something good reliable and fast 

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 4:12:28 PM from WinCustomize Forums WinCustomize Forums

be sure to “Clear saved Autofill form data”, “

I don't THINK roboform is populating that data. I have autofill turned off. Roboform just fills in the forms being shown. Now, if I had autofill turned on it may want to save that in a separate file/database somewhere, but I doubt it is since it is off. In any case, I tend to clear all the browsing data on a daily basis. Repeatedly.

 

As a matter of fact, I just checked this theory. I did not empty my history or data. I went to chrome://settings and looked at the Passwords and forms section. On this particular machine I had both options checked, but.... when I look at the Manage Autofill settings, and Manage saved passwords sections they are empty. That is because I've never told the browser to save this info, even when it asks. So, Roboform use would not present any risk at all in this scenario.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 4:28:45 PM from WinCustomize Forums WinCustomize Forums

Lots of paranoid internet users here on WC.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 4:40:00 PM from WinCustomize Forums WinCustomize Forums

Just who do you mean, kona?

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 4:45:42 PM from WinCustomize Forums WinCustomize Forums

People looking over their shoulders it seems. Deleting browsing data every day, nor using auto fill, clearing this or that. Whatever. I've used Firefox for years. In all that time I have never had any issues. And I don't clear my setting or browsing data everyday, and I do use auto fill.

I guess I'm different. I just don't have issues.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 5:10:50 PM from WinCustomize Forums WinCustomize Forums

Some people care about losing banking data, passwords, social security numbers, etc. Go figure.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 5:49:46 PM from WinCustomize Forums WinCustomize Forums

Quoting kona0197,
People looking over their shoulders it seems. Deleting browsing data every day, nor using auto fill, clearing this or that. Whatever. I've used Firefox for years. In all that time I have never had any issues. And I don't clear my setting or browsing data everyday, and I do use auto fill.

I guess I'm different. I just don't have issues.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 6:00:22 PM from WinCustomize Forums WinCustomize Forums

Quoting DrJBHL,
Some people care about losing banking data, passwords, social security numbers, etc. Go figure.

I care about those things as well. Just never had any issues. I was pointing out that I don't take such extreme measures. Some people take it to the extreme when that's not really needed. Tin foil hat anyone?

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 6:17:39 PM from WinCustomize Forums WinCustomize Forums

It's sort of like pregnancy, kona: Either a browser is secure or it isn't. I don't care if your data is secure if you don't. There are people who do care. These articles are for them. You're always free not to read them and not to comment.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 6:30:00 PM from WinCustomize Forums WinCustomize Forums

That's not my point. My point is that people are taking extreme measures to secure there data when those measures are really not needed. Case in point: I've never had an issue. Is that hard to understand? Why make extra work for yourself?

Quoting DrJBHL,
You're always free not to read them and not to comment.

I get the hint, thanks.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 6:42:43 PM from WinCustomize Forums WinCustomize Forums

You still don't get what this is about.

There is an easily breached source of potentially damaging data in Chrome (and perhaps other browsers).

For people who wish to protect themselves, I have provided information about the issue and a solution.

Nothing happened to you therefore it never will. Anyone concerned is paranoid in your not so humble opinion.

Always glad when subtlety is appreciated.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 8:02:03 PM from WinCustomize Forums WinCustomize Forums

I never had a meteorite fall on my head, nor have I ever been struck by lightning. Might as well go hang out on the golf course in Florida during a thunderstorm and meteor shower cause I'm immune to damage!! 

Kona, no offense, but your logic in this one is by far the largest single crock of feces I've EVER seen. I'm embarrassed for you on this one.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 8:14:51 PM from WinCustomize Forums WinCustomize Forums

Kona...

Simply google 'internet fraud' and/or 'identity theft'.

All those hits you will get will be the paranoid deluding themselves that their lives are ruined and/or bankrupted through theft.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 8:37:55 PM from WinCustomize Forums WinCustomize Forums

Hey, I'm not saying I don't protect myself. I do. I just don't take it to the extreme you guys do. It's overkill.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 9:41:23 PM from Stardock Forums Stardock Forums

Quoting Phoon,
Kona, no offense, but ..... I'm embarrassed for you on this one.

 

Ditto!

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 10:44:00 PM from WinCustomize Forums WinCustomize Forums

Reread post #20. Key words: I'm not saying I don't protect myself. I do.

Reason for Karma (Optional)
Successfully updated karma reason!
October 14, 2013 10:57:41 PM from Stardock Forums Stardock Forums

Quoting kona0197,

Reread post #20. Key words: I'm not saying I don't protect myself. I do.

 

Kona, re-read this entire thread.  It is about protecting oneself.  So if you do in fact do that, then I'd imagine your post(s) may have been something like:

 

"Thanks DOC for pointing this out!"

 

Reason for Karma (Optional)
Successfully updated karma reason!
October 15, 2013 12:46:55 AM from WinCustomize Forums WinCustomize Forums

Yeah I know. I do protect myself, I just don't go to the extreme like some people do. That was my point. Thanks.

Reason for Karma (Optional)
Successfully updated karma reason!
October 15, 2013 8:31:44 AM from WinCustomize Forums WinCustomize Forums

Clearing ones browser history on a frequent, regular basis is NOT extreme in the least. It is common sense and anyone with reasonable skill sets and knowledge of data systems realizes the importance of it.

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108431  walnut1   Server Load Time: 00:00:00.0000141   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.