drjbhl
Ramblings of an old Doc
Google Chrome has a potentially serious flaw.
Published on October 14, 2013 By DrJBHL In Personal Computing

 

I’m not referring to skinning. Don’t get me wrong, it’s a good browser, and a fast one.

The flaw is a serious one, though. While logon data (password and username) were stored in plaintext without any sort of protection, the use of a master password could have prevented possible breaches…but that could open the user’s computer to other attacks as well.

Now, another flaw has come to light. Identity Finder has found this:

“Last week, Identity Finder security researchers performed in-depth scans on several employee computers using the latest version of Sensitive Data Manager (SDM). During the scan, SDM pinpointed several Chrome SQLite and protocol buffers storing a range of information including names, email addresses, mailing addresses, phone numbers, bank account numbers, social security numbers and credit card numbers.  SDM found similar data among all employees who consistently use Chrome as their primary browser…. Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware. There are dozens of well-known exploits to access payload data and locally stored files.” – Identity Finder

So, how to protect yourself if you use Chrome (besides another browser, which that firm hasn’t yet tested)?

“Anytime you enter a credit card number or other [personal information] into a form, be sure to “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history” from the past hour and the information you typed will be erased. Alternatively, disabling Autofill or using Incognito mode will protect form data.” – ibid

The mechanics:

“After opening Chrome, click “Customize and control Google Chrome”, then Settings, then scroll down to “Show advanced settings” then click “Clear browsing data…”. Once the Clear browsing data dialog popup appears, enable the checkmark for “Clear saved Autofill form data”, “Empty the cache”, and “Clear browsing history”. Configure the time setting to include when you typed sensitive data such as “the past hour” [or “since the beginning of time”] then click the button on bottom right: “Clear browsing data”. Then, restart Google Chrome.” – ibid

You’ll have to do that after each session.

Sources:

http://www.ghacks.net/2013/10/12/google-chrome-saves-sensitive-data-entered-https-websites-plaintext/?_m=3n%2e0038%2e1033%2ehj0ao01hy5%2e12ca

http://www.identityfinder.com/blog/


Popular Articles in this Category
Safe and free software download sites for windows
Keep an Eye Out!
A new and more functional PC Manager widget from MS
Popular Articles from DrJBHL
Safe and free software download sites for windows
A new and more functional PC Manager widget from MS
Comments (Page 2)
2 Pages1 2 
16
kona0197
on Oct 14, 2013

That's not my point. My point is that people are taking extreme measures to secure there data when those measures are really not needed. Case in point: I've never had an issue. Is that hard to understand? Why make extra work for yourself?

DrJBHL
reply 15
You're always free not to read them and not to comment.

I get the hint, thanks.

17
DrJBHL
on Oct 14, 2013

You still don't get what this is about.

There is an easily breached source of potentially damaging data in Chrome (and perhaps other browsers).

For people who wish to protect themselves, I have provided information about the issue and a solution.

Nothing happened to you therefore it never will. Anyone concerned is paranoid in your not so humble opinion.

Always glad when subtlety is appreciated.

18
Phoon
on Oct 14, 2013

I never had a meteorite fall on my head, nor have I ever been struck by lightning. Might as well go hang out on the golf course in Florida during a thunderstorm and meteor shower cause I'm immune to damage!! 

Kona, no offense, but your logic in this one is by far the largest single crock of feces I've EVER seen. I'm embarrassed for you on this one.

19
Jafo
on Oct 14, 2013

Kona...

Simply google 'internet fraud' and/or 'identity theft'.

All those hits you will get will be the paranoid deluding themselves that their lives are ruined and/or bankrupted through theft.

20
kona0197
on Oct 14, 2013

Hey, I'm not saying I don't protect myself. I do. I just don't take it to the extreme you guys do. It's overkill.

21
the_Monk
on Oct 14, 2013

Phoon
reply 18
Kona, no offense, but ..... I'm embarrassed for you on this one.

 

Ditto!

22
kona0197
on Oct 14, 2013

Reread post #20. Key words: I'm not saying I don't protect myself. I do.

23
the_Monk
on Oct 14, 2013

kona0197
reply 22

Reread post #20. Key words: I'm not saying I don't protect myself. I do.

 

Kona, re-read this entire thread.  It is about protecting oneself.  So if you do in fact do that, then I'd imagine your post(s) may have been something like:

 

"Thanks DOC for pointing this out!"

 

24
kona0197
on Oct 15, 2013

Yeah I know. I do protect myself, I just don't go to the extreme like some people do. That was my point. Thanks.

25
Phoon
on Oct 15, 2013

Clearing ones browser history on a frequent, regular basis is NOT extreme in the least. It is common sense and anyone with reasonable skill sets and knowledge of data systems realizes the importance of it.

26
Jafo
on Oct 15, 2013

....and anyone constantly surfing for pron does it religiously....

[kinda enjoyed putting 'pron' and 'religiously' in the one sentence...]...

27
Phoon
on Oct 15, 2013

Jafo needs to watch out for the aforementioned lightning strikes now...

 

2 Pages1 2 
Meta
Views
» 51689
Comments
» 27
Category
» Personal Computing
Comment
Recent Article Comments
Let's see your political mem...
LightStar Design Windowblind...
Let's start a New Jammin Thr...
A day in the Life of Odditie...
Safe and free software downl...
Veterans Day
A new and more functional PC...
Post your joy
AI Art Thread: 2022
WD Black Internal and Extern...
Sponsored Links
Terms of Service Privacy Policy About Us Contact Us Stardock.com
© 2024 Stardock Corporation. All rights reserved.
JoeUser v1.0.0.0