Wednesday, May 18, 2016

Security flaw in Chrome browser revls plain-text s without authentiion

: thehayden.orgThe Guardianreports that a security flaw inChromllows anyone with access to a computer to view all of the saved logins without requiring any form of authentiion.A serious flaw in the security of Google’s Chrome browser lets anyone with access to a user’s computer see all the s stored for email, social media and other sites, directly from the settings panel. No is needed to view them.
Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.s are accessed by clicking the menu icon (top-right), selectingSettings, clickingShow advanced settingsat the bottom of the screen and then, in thes and formssection, clickingManage saved s. s are initially obscured, but clicking the obscured displays aShowbutton which then revls the plain text .We’ve just tried it here, and it works. Bizarrely,Google’s Chrome developer tm, Justin Schuh, is cited as saying Google is aware of the wkness but has no plans to fix it.Worldwide web inventor Tim Berners-Lee described Google’s response as “disappointing”, describing it in whical terms as “how to get all your big sister’s s.”Although someone would need physical or remote access to the computer to do this, there are many shared computers in both home and work environments. Although it could be argued thataccess to the machine allows you to simply login to any of the stored sites directly, the difference here is that you’d be able to note a login and then use it later on a different machine.Most browsers have a similar -revl function, but require a master to be entered before s are displayed. In Safari on a Mac, logins are stored in chain, and your Mac is required to revl website s.

No comments:

Post a Comment