Google Chrome users are vulnerable to sensitive data theft

Google Chrome users are vulnerable to sensitive data theft
Security experts at Identity Finder demonstrated that Google Chrome users are vulnerable to sensitive Data Theft because the browser stores it unencrypted.
Google Chrome is today the most diffused web browser, nearly 39% of internet users have chosen it according the data proposed by StatCounter. The reason of the success behind Google Chrome is its efficiency and simplicity of use, but what can we say about the security? How Google Chrome manage and protect users’ data?

Security experts at Identity Finder published an interesting blog post to highlight a series of security flaws in Google Chrome that could allow an attacker to steal personal data archived in the history files. Experts at Identity Finder demonstrated different methods to access personal data from the History Provider Cache in Google Chrome using their Sensitive Data Manager application, even if those data has been submitted through a secure website. The purpose of the post is to inform Google Chrome that their browser stores sensitive data unencrypted with obvious risks. The flaws exploitable in Google Chrome are related to SQLite and protocol buffers, used by the popular browser as storage for user’s personal data including names, email, phone numbers, bank details, credit card and social security numbers.

“Despite employees having entered this information on secure websites, Chrome saved copies of this data in the History Provider Cache. Other SQLite databases of interest include “Web Data” and “History.” On Windows machines, these files are located at “%localappdata%GoogleChromeUser DataDefault.”
The attacker needs to have a physical access to the user’s machine, the same results could be obtained if a malicious code is specifically written to exploit well known vulnerability in Google Chrome.
“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware,” noted the researchers. “There are dozens of well-known exploits to access payload data and locally stored files.”
Earlier this year, software designer Elliott Kember revealed how to expose users’ passwords saved by Google Chrome simply visiting viewing Chrome’s settings stored under the path chrome/settings/passwords in plain text. Identity Finder security experts have provided the following Infograph to sensibilize Google Chrome users on the risks of exposure for their data.

(Source: CDM, Pierluigi Paganini, Editor and Chief )

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase