Google Chrome Flaw Leaves Passwords, Credit Cards &
Bank Details Exposed
That’s what the security folks at Identity Finder seem to think. The research firm has just published a blog post highlighting a number of security flaws in Google Chrome that could give hackers a way to capture personal data stored within its history files.
Identity Finder‘s team outlined a variety of methods in their blog post, which could allow attackers to access personal data from the History Provider Cache in Google Chrome using its Sensitive Data Manager program, even in cases where data has been entered on secure website. The flaws were found in Chrome’s SQLite and protocol buffers, which often store the personal data of web users, such as their names, email, phone numbers, bank details, credit card and social security numbers. In addition, some of this data could also be accessed via the History and Web Data caches on Chrome, the researchers said.
“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware,” noted the researchers.
“There are dozens of well-known exploits to access payload data and locally stored files.”
According to Identity Finder, these vulnerabilities aren’t a new discovery – they’ve been known about for some time – but their research is believed to be the first time that anyone has demonstrated how they can be exploited to steal personal data:
“By connecting the dots, we hope to educate all Chrome users that Chrome stores sensitive data unencrypted, alert users of the risks of stored Chrome data, and encourage individuals and enterprises to engage in sensitive data management best practices.”
more
http://siliconangle.com/blog/2013/10/14/google-chrome-flaw-leaves-passwords-credit-cards-bank-details-exposed/
No comments:
Post a Comment