Password Security flaw discovered in Google Chrome (http://www.abcnews.com)
Web designer Elliott Kember noticed a security flaw in the Google Chrome browser earlier this week. When he went to transfer the bookmarks from his Safari browser to Chrome, he went digging into some simple Chrome settings only to find that when you go to import bookmarks from another browser, the software automatically defaults to bringing over your saved passwords. While there is a check mark to disable the password import, it can’t be unchecked on a Mac, something ABC News was able to confirm.
Google plans to fix that specific problem soon, confirming to ABC News that the automatic syncing of passwords from Safari browsers was a bug in the Mac version of Chrome.
“Thanks to our users, who discovered a bug in Chrome’s import interface, which improperly represents how passwords are handled upon import from other browsers,” Google said in a statement provided to ABC News. “We developed a fix to better represent how passwords are handled across platforms, which will roll out to all users soon.”
However, that fix won’t solve another problem Kember found. He went a step further to point out that if you do import those passwords to Chrome they, and any other passwords you have saved in the browser, are completely unprotected. By typing in chrome://settings/passwords in Chrome address bar, you are able to see the saved passwords and usernames for the websites you visit.
(Continue reading at http://www.abcnews.com)
My Two Cents: Another reason for not allowing passwords to be saved via bookmarks and cookies…