TweakTown
Tech content trusted by users in North America and around the world
5,911 Reviews & Articles | 38,068 News Posts

Chrome in last place for Password Security

Ties with Safari

| Hacking & Security News | Posted: Dec 15, 2008 2:35 pm

Last week Google's Chrome crawled out of Beta Status and into the realm of final software. But is this really a good thing?

 

Prior to its release Chrome can under scrutiny for caching and saving all browsed pages, sending search data to Google and for having very poor security.

 

Now we can add a lack of good password security to the list of issues with Chrome. According to a report from Chapin Information Services Chrome tied with Safari for last place in terms of password security.

 

Read the full report here.

 

Chrome in last place for Password Security

Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user's knowledge.

 

1 - The destination where passwords are sent is not checked.
2 - The location where passwords are requested is not checked.
3 - Invisible form elements can trigger password management.

 

A technique described and demonstrated by CIS two years ago leveraged such vulnerabilities without using client-side scripting. The implication was that an attacker need not have full control over a target server or a victim's computer to obtain a password from their web browser.

 

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases