Google looking at fix for Chrome password exposure flaw





Google’s popular web browser, Chrome, was in the news a few months back when a web designer demonstrated how a single URL could reveal all of your stored credentials to another user who has physical access to your machine. A new post on Chromium Code Reviews now suggests that the company may be working on a fix for the password exposure issue. Google’s Patrick Dubroy has posted new code for review that could fix it. The code for the experimental flag has, however, been added only to the latest Mac build of the Chrome browser. Explaining how the fix works, the review post says, “When the flag is enabled and the user attempts to reveal a plaintext password in chrome://settings/passwords, they will be prompted to reauthenticate with their OS password. This matches Safari's behaviour on OS X.” The authentication window itself will be open for one minute. It is presumed that the fix, if it proves successful, will be rolled out for other versions of Chrome as well.


Google is leaving its Chrome users hanging with unsecured saved password access (Image credit: Image processors)

Google may be working on a fix for Chrome's password exposure flaw



Up till now, all a user needed to do was visit chrome://settings/passwords in the browser. From there, all Chrome user passwords could be revealed with a single click of the mouse, and Chrome’s design meant that the passwords of all synced accounts, like Facebook and Twitter, were just as easy to reach. At the time, Justin Schuh, Google’s head of Chrome Security, had said that if a would-be attacker has access to a user’s machine, then the “game is lost” because there are “too many vectors for [the attacker] to get what he wants.” That rationale, however, did not account for families who may share the same computer. It also did not address the fact that Chrome comes with a centralised window that gives an easy way to search for passwords. This exposure can basically allow any user to locate, copy or use a Facebook or Twitter password in a matter of seconds. The ambiguity of the company’s logic at the time was worrisome, given that Google’s web browser now has a huge number of users.


