Last week Google's Chrome crawled out of Beta Status and into the realm of final software. But is this really a good thing?
Prior to its release Chrome can under scrutiny for caching and saving all browsed pages, sending search data to Google and for having very poor security.
Now we can add a lack of good password security to the list of issues with Chrome. According to a report from Chapin Information Services Chrome tied with Safari for last place in terms of password security.
Read the full report here.
Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user's knowledge.
1 - The destination where passwords are sent is not checked.
2 - The location where passwords are requested is not checked.
3 - Invisible form elements can trigger password management.
A technique described and demonstrated by CIS two years ago leveraged such vulnerabilities without using client-side scripting. The implication was that an attacker need not have full control over a target server or a victim's computer to obtain a password from their web browser.