Google Chrome feature as a security hole

For anyone unfamiliar with it, Google Chrome is probably one of the most decent browsers out there. But then again anything is better than internet explorer *shudder*. It’s also perfect for developers, however the developer feature can be a major security concern.

Here is the gist of it: you can view any auto-saved or entered password without the owner’s permission.

  1. Open a page that has a username and password filled in
  2. Next, simply right click on the password and select Inspect Element.
  3. The panel on the bottom will pop up where you’ll see the HTML code of the page
  4. Now the fun part: double click the line that has type=”password” in it, change type=”password” to type=”text” and hit enter
  5. voila! now you see the password in plain text!

Firefox has a great feature for these things – called the master password. Whenever Firefox is trying to auto-fill a saved password, it’ll ask for the master password first. Maybe Google should look into implementing a similar feature…

Tags: , ,

Leave a Reply

You must be logged in to post a comment.