I’m not referring to skinning. Don’t get me wrong, it’s a good browser, and a fast one.
The flaw is a serious one, though. While logon data (password and username) were stored in plaintext without any sort of protection, the use of a master password could have prevented possible breaches…but that could open the user’s computer to other attacks as well.
Now, another flaw has come to light. Identity Finder has found this:
“Last week, Identity Finder security researchers performed in-depth scans on several employee computers using the latest version of Sensitive Data Manager (SDM). During the scan, SDM pinpointed several Chrome SQLite and protocol buffers storing a range of information including names, email addresses, mailing addresses, phone numbers, bank account numbers, social security numbers and credit card numbers. SDM found similar data among all employees who consistently use Chrome as their primary browser…. Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware. There are dozens of well-known exploits to access payload data and locally stored files.” – Identity Finder
So, how to protect yourself if you use Chrome (besides another browser, which that firm hasn’t yet tested)?
“Anytime you enter a credit card number or other [personal information] into a form, be sure to “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history” from the past hour and the information you typed will be erased. Alternatively, disabling Autofill or using Incognito mode will protect form data.” – ibid
“After opening Chrome, click “Customize and control Google Chrome”, then Settings, then scroll down to “Show advanced settings” then click “Clear browsing data…”. Once the Clear browsing data dialog popup appears, enable the checkmark for “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history”. Configure the time setting to include when you typed sensitive data such as “the past hour” [or “since the beginning of time”] then click the button on bottom right: “Clear browsing data”. Then, restart Google Chrome.” – ibid
You’ll have to do that after each session.