Results 1 to 2 of 2

Thread: Google Chrome's cache exposes personal data

  1. #1

    Google Chrome's cache exposes personal data

    A major security flaw in Google's popular Chrome browser was exposed on Thursday by data management firm Identity Finder.The flaw comes into play anytime you type personal information into webforms at trusted websites or directly into the Chrome browser address bar.
    Researchers found that Chrome's caching mechanism routinely stores names, e-mail addresses, street addresses, phone numbers, bank account numbers, social security numbers and credit card numbers directly onto your hard drive in plain text -- without your knowledge or consent.
    The function of a browser cache is to store files from websites, mainly to speed display of web pages on your next visit.
    It's trivial for anyone with physical access to your computer to view and copy all of this sensitive personal data. What's worse, any bad guy who has lured you into installing a data-stealing Trojan on your computer can also easily harvest this very sensitive data.
    "Private information is being served on a silver platter for any criminal industrious enough to gain access," says Identity Finder CEO Todd Feinman. "This should frighten any consumer or business using Google Chrome."
    Chrome is the world's third most popular web browser with a 16% market share; Firefox has a 19% share and Internet Explorer holds a 58% share, according to Net Applications.
    This is the second finding of a profound Chrome shortcoming in three months. Last July, NSS Labs analyzed the privacy mechanisms built into Internet Explorer, Firefox, Chrome and Safari and found Chrome offering the poorest privacy protection.
    CyberTruth has contacted Google spokeswoman Leslie Miller for comment; Miller says she's looking into it.
    "By default Google Chrome stores (web) form data, including data entered on secure websites, to automatically suggest for later use," says Feinman. "This stored data is unencrypted text and accessible if your computer or hard drive is stolen or is infected with malware."
    The risks of identity theft to consumers are obvious. Businesses that must comply with the payment card industry's PCI-DSS security rules could fail audits if employees are in the practice of entering credit card data in Chrome.
    An extra step employees and consumers can take is to regularly clear Chrome's cache. Until Google addresses this gaping security hole, Chrome users would be wise to learn how to clear Chrome's cache, and do it often.
    Security researchers have long warned Google of the dangers presented by poorly-conceived security and privacy controls. "This is no longer a theoretical risk that can be dismissed," Feinman says. "The fact that these security risks have been hard-coded into Chrome for so long only adds to the urgency for browser makers to secure all stored browser data."
    It's noteworthy that this flaw is baked into Chrome's basic architecture. "If Google properly prioritizes this issue with enough resources, it can mitigate this risk very quickly," Feinman says.
    Google Chrome's cache makes data easy to steal

    Those who can make you believe absurdities can make you commit atrocities.


  2. #2
    Google is as Google does. I have been calling Chrome the biggest piece of spyware on the web for several years. Never save logins or passwords in Chrome.

    The storing of personal data is something new, but not in any way unbelievable.

    My only use of Chrome is when visiting Google properties or testing web sites. I never use it to cruise the web because I have never trusted it.

    "Don't be evil" Bwahahahaha!
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts