This Gaping Google Chrome Security Hole Could Give Anyone All Of Your Passwords

Impact

A major security hole in America's most popular web browser was discovered this Tuesday that indicates that the program's password saving features have been putting users at risk. Users on Google Chrome, it turns out, can access any previously used passwords that were previously saved.

Elliott Kember, a developer with the design studio Riot, first identified the security flaw in a blog posting on Tuesday. He explained in the posting that a simple code can enable anyone who opens Chrome on a given machine to have instant access to any passwords that have ever been stored on the machine with only a few clicks. The feature can be enabled to display passwords simply by typing a short web entry, "chrome://settings/passwords," into Chrome's browser and hitting enter. Any saved password information is then displayed in a box that looks like the following image.

Most Chrome users are unaware that their private information could become instantly visible to anyone who has access to their computer for only a moment. But the question remains, just how significant is the discovery? It may not, it turns out, be enough to force most users to run away from Chrome just yet.

Justin Schuch, head of Chrome's security program, has responded to the revelation by arguing back that the information is no cause for alarm. "Once anyone with malicious intent has access to your computer," he insists, any effort to protect your internet account is a "losing game." "You think your passwords are protected somehow in other applications," he fought back, "but they're simply not." The developer insisted that overcompensating by rolling out glossy new security promises is not the solution, saying, "We don't want to provide users with a false sense of security and encourage risky behavior."

Still, the unsightly feature may rightly encourage some to switch to other browsers such as Firefox that have made noticeable efforts to tighten security systems in recent months. But working to ensure that anyone with malicious intent cannot come in contact with your computer remains an integral way to bolster your online privacy and safety. Hopefully Chrome will respond to the newest discovery with some good-faith efforts to remove this newly discovered feature. But users should remember, no online browser guarantees complete security and privacy.