Google Chrome Saves Sensitive User Data In Plaintext
The Google Chrome browser may be storing sensitive data in such a way that it would be relatively easy for a malicious third party to dig it up and steal your identity, among other things.
Security researchers at Identity Finder said they performed a series of deep scans on several employee computers using the latest version of Sensitive Data Manager (SDM). The scans revealed a number of Google Chrome SQLite databases and protocol buffers storing user information such as names, addresses, email addresses, phone numbers, bank account info, credit card details, and even social security numbers.
“We confirmed with each employee that sensitive data, such as social security and bank account numbers, were only entered on secure, reputable websites,” claims Identity Finder.
The data is not protected in the cache, which means that anyone with access to it can extract the information. This does not necessarily mean local access, as malicious software running on a user’s computer, and even social engineering, may yield the same results.
Handing over the computer to a computer repair shop, sending it in to the manufacturer, or selling it may provide third parties with access to sensitive information stored by the browser.
Google Chrome is the world’s third most popular web browser with a 16% market share; Firefox has a 19% share and Internet Explorer holds a 58% share, according to Net Applications.
This is the second finding of a profound Chrome shortcoming in three months. Last July, NSS Labs analyzed the privacy mechanisms built into Internet Explorer, Firefox, Chrome and Safari and found Chrome offering the poorest privacy protection.
A statement by Google on The Verge reads:
Google Chrome is the most secure browser and offers you control over how it uses and stores data. Chrome asks for permission before storing sensitive information like credit card details, and you don’t have to save anything if you don’t want to. Furthermore, data stored locally by Chrome will be encrypted, if supported by the underlying operating system. For example, Chrome OS encrypts all data stored locally by default. We recommend people use the security measures built into their operating system of choice.