Feeds

back to article Google preps Chrome password-blab bug fix

A few months after the bug was discovered, Google's decided it should experiment with a fix for its Chrome password exposure bug feature. As El Reg noted back in August: “If the victim, shall we say, is using Chrome, surf over to chrome://settings/passwords, click on a starred-out saved website password and click on "Show"; …

COMMENTS

This topic is closed for new posts.

Long overdue

Good to see Google finally get off their collective butts and make an attempt to fix this gaping hole.

Also, love the idea of using the OS credentials for authentication instead of setting a master password. However, what happens if the user has not set a password for his/her user account?

1
1

Re: Long overdue

Then they only have themselves to blame if they let some miscreant loose on their computer

0
1

"A few months after the bug was discovered"?!

This "bug" has ALWAYS been in Chrome. See http://productforums.google.com/forum/#!topic/chrome/k6JmRoGJp5w%5B1001-1025-false%5D from 2008!

0
0

Remember kids: Chrome is the fastest and most secure browser.

0
0
LDS
Silver badge

Don't worry....

... your passwords are also securely stored on Google servers....

0
0

This is considered a bug? Given that Firefox behaves in the same way when asked to show stored passwords, I'd just assumed it was the intended behaviour in Chrome too...

1
0
Bronze badge

You can set a master password in Firefox which is then demanded if you want to look at the stored passwords (at least in the preferences GUI) and (possibly) before it will give certificates out.

1
0

But Firefox has a "Timeout master password" feature that keeps miscreants at bay (if the user has set a master password). It also requires the user to RE-enter his master password to view passwords.

0
0

By design

This wasn't a bug, but by design... bad design.

Glad Google have finally decided to cave in and listen to user feedback, but annoyed it took so long to add this feature.

Recall reading somewhere Google said it's because they didn't want to give a false sense of security - although it is a layer of security once the system is compromised.

0
0

As mentioned, how is this a bug. if you want to share accounts with somebody on your device then make sure you select the option not to save password, common sense really.

Also as already mentioned, firefox is exactly the same.

0
2

And as mentioned before - Firefox is NOT exactly the same. It has a master password option.

0
0
Mushroom

Hopefully they will remember to password protect the flag as well.

Otherwise

Surf to chrome://flags/#enable-password-manager-reauthentication

Disable

Surf over to chrome://settings/passwords,

Click on a starred-out saved website password and click on "Show";

Rinse and repeat down the list.

Voila, you can see his or her passwords in plain text.

0
0
This topic is closed for new posts.