Google Under Fire For Leaving Chrome Passwords Exposed

Developers of the Google Chrome browser have come under fire for failing to protect user saved passwords.

Web developer Elliot Kimber recently discovered that a users’ saved passwords can easily be exposed when their browser is directed to a settings URL.

Viewing the passwords does require direct access to the user’s computer, but, after that point, obtaining passwords is simple.

In a blog post exposing the issue, Kimber writes: “Google isn’t clear about its password security” and “[Users] don’t expect it to be this easy to see their passwords.”

Kimber says Chrome’s password import wording for Mac OS X is misleading. When users take advantage of that feature, an approval box occurs which asks you to allow your browser to “use your confidential information stored in your keychain.” Essentially, that wording means a users passwords will no longer be protected.

In a public response to the discovery, Google’s head of Chrome Security, Justin Schuh, said the company did not want to give users a “false sense of security” and “encourage risky behavior.”

Schuh further writes:

“We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that’s really what they get.”

Google claims that any changes to the Google Chrome OS and other browsers in terms of security would actually make browsers “less safe than they are today and “that’s just not how we approach security on Chrome.”

Are you worried about security on your Google Chrome browser following this new revelation?