back to article Google preps Chrome password-blab bug fix

A few months after the bug was discovered, Google's decided it should experiment with a fix for its Chrome password exposure bug feature. As El Reg noted back in August: “If the victim, shall we say, is using Chrome, surf over to chrome://settings/passwords, click on a starred-out saved website password and click on "Show"; …

COMMENTS

This topic is closed for new posts.
  1. busycoder99

    Long overdue

    Good to see Google finally get off their collective butts and make an attempt to fix this gaping hole.

    Also, love the idea of using the OS credentials for authentication instead of setting a master password. However, what happens if the user has not set a password for his/her user account?

    1. FunkyEric

      Re: Long overdue

      Then they only have themselves to blame if they let some miscreant loose on their computer

  2. deKay

    "A few months after the bug was discovered"?!

    This "bug" has ALWAYS been in Chrome. See http://productforums.google.com/forum/#!topic/chrome/k6JmRoGJp5w%5B1001-1025-false%5D from 2008!

  3. Lockwood

    Remember kids: Chrome is the fastest and most secure browser.

    1. Anonymous Coward
      Anonymous Coward

      Don't worry....

      ... your passwords are also securely stored on Google servers....

  4. ChrisC Silver badge

    This is considered a bug? Given that Firefox behaves in the same way when asked to show stored passwords, I'd just assumed it was the intended behaviour in Chrome too...

    1. handle

      You can set a master password in Firefox which is then demanded if you want to look at the stored passwords (at least in the preferences GUI) and (possibly) before it will give certificates out.

    2. Walt Leipold

      But Firefox has a "Timeout master password" feature that keeps miscreants at bay (if the user has set a master password). It also requires the user to RE-enter his master password to view passwords.

  5. Al_21

    By design

    This wasn't a bug, but by design... bad design.

    Glad Google have finally decided to cave in and listen to user feedback, but annoyed it took so long to add this feature.

    Recall reading somewhere Google said it's because they didn't want to give a false sense of security - although it is a layer of security once the system is compromised.

  6. Oneman2Many

    As mentioned, how is this a bug. if you want to share accounts with somebody on your device then make sure you select the option not to save password, common sense really.

    Also as already mentioned, firefox is exactly the same.

    1. deKay

      And as mentioned before - Firefox is NOT exactly the same. It has a master password option.

  7. Coen Dijkgraaf
    Mushroom

    Hopefully they will remember to password protect the flag as well.

    Otherwise

    Surf to chrome://flags/#enable-password-manager-reauthentication

    Disable

    Surf over to chrome://settings/passwords,

    Click on a starred-out saved website password and click on "Show";

    Rinse and repeat down the list.

    Voila, you can see his or her passwords in plain text.

This topic is closed for new posts.

Other stories you might like