Google Chrome & Edge save passwords Vulnerability detected
Software News

Google Chrome & Edge save passwords Vulnerability detected

CyberArk Labs security researcher points out a vulnerability in Google Chromium that affects Chrome web browsers and Edge web browsers. Saved passwords can be easily read. Chrome stores passwords as plain text in its memory.

The unencrypted passwords are easily readable if you know how to find them. This is not the true scandal. According to the findings by Zeev B. Porat, CyberArk Labs, this method for storing sensitive data unencrypted was documented by Satyam Singh in 2015.

He had noticed at the time that passwords could be stored in plain text in main memory. These vulnerabilities should have been known for a while.

This vulnerability has not been addressed to my knowledge. It appears that Google will not change anything. Developers deemed the problem irrelevant, which is not necessary to be fixed. Zeev Ben Porat, a security researcher, found numerous questionable ways of handling sensitive data.

Analyse
Credentials (URL/username/password) are stored in Chrome’s memory in plain text. An attacker could also trick Chrome into loading all passwords in the password manager (“login information”) file into its memory.
When the relevant application is running, all data (value and property cookies) are stored in plain text in Chrome memory. This includes sensitive session cookies.
This information can be easily extracted using a non-elevated standard process that runs locally and directly accesses Chrome’s memory (using the OpenProcess or ReadProcessMemory APIs).
Researchers also tried to find out how popular browsers handled passwords. Researchers discovered that Firefox and Vivaldi also store passwords as plain text, in addition to Chrome and Edge.

 

Google Chrome & Edge save passwords Vulnerability detected
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top