Row breaks out between Google security engineer and discoverer of Chrome settings flaw which reveals stored passwords
Google has been hit with its second claim of a major software flaw in recent months after it emerged it’s Chrome browser settings reveal stored passwords in plain text to anybody who accesses a computer on which they’ve been saved.By clicking on the ‘settings’ option, choosing ‘show advanced settings’ and then ‘manage saved settings’, anyone using a computer can view its saved passwords by clicking beside a list of obscure passwords to reveal them in plain text.The flaw was discovered by UK-based software developer Elliot Kember and adds to the discovery last month of a ‘master key’ bug on Google’s Android software which it’s claimed could enable outsiders to access any Android user’s device on models released since 2009.Justin Schuh, a security engineer on Chrome, insisted in an exchange with Kember that Google had “spent years evaluating it” and had “quite a bit of data to inform our decision”, adding that changing its system would leave users with a false sense of security because protected passwords are “trivially recoverable” to begin with.“… you’re arguing that we take measures to make users think they're safe when they've already surrendered any pretense of security. Effectively, you're asking that we lull our users into a false sense of security,” said Schuh.However, Kember countered that users already had a false perceived sense of security and were unaware that their passwords would be so easily accessible to other people.“Either change it, or better communicate the need to lock your system. Because to an average user on the street, this is a scary thing to be able to do so easily,” he said.Sir Tim Berners-Lee, inventor of the web, said Chrome’s response was disappointing.
Security: A row has broken out over Chrome's passwords settings
How to get all you big sister's passwords http://t.co/CpytKWH9aT and a disappointing reply from Chrome team.
— Tim Berners-Lee (@timberners_lee) August 6, 2013
Content created with:
Google is committed to helping businesses thrive in a privacy-first world. The technology giant works with thousands of businesses and agencies to help them prepare...
Find out more