Security Researchers Find Google Chrome User Cache Exposes Sensitive Data

rated by 0 users
This post has 2 Replies | 1 Follower

Top 10 Contributor
Posts 26,100
Points 1,183,670
Joined: Sep 2007
ForumsAdministrator
News Posted: Fri, Oct 11 2013 9:23 AM
In the famous words of a canine scholar best known for his research into unexplainable phenomenon, "Ruh roh!" That about sums up our reaction to the discovery that Google's popular Chrome browser may be storing sensitive data in such a way that it would be relatively easy for a malicious third party to dig it up and steal your identity, among other things.

Security researchers at Identify Finder said they performed a series of deep scans on several employee computers using the latest version of Sensitive Data Manager (SDM). The scans revealed a bunch of Chrome SQLite and protocol buffers storing user information such as names, addresses, email addresses, phone numbers, bank account info, credit card details, and even social security numbers.

"We confirmed with each employee that sensitive data, such as social security and bank account numbers, were only entered on secure, reputable websites," claims Identity Finder.

Chrome Data
Your personal information is stored in here.

Chrome saved copies of the above mentioned data in the History Provider Cache, while other SQLite databases "of interest" include Web Data and History.

Since Chrome's browser data isn't protected, it would be relatively easy for a person to dig up the info with physical access to the system's hard drive, access to the file system (such as a shared network), or by using malware. That isn't just a theory -- the company coded a simple proof-of-concept malware designed to trick users into granting access to their file system.

So, what can Chrome users do? After entering in a credit card on a website and completing the transaction, you should "Clear saved Autofill form data," "Empty the cache," and "Clear browsing history" from the past hour. Alternately, you can disable Autofill or use Chrome's incognito browsing mode.
  • | Post Points: 20
Top 25 Contributor
Posts 3,474
Points 47,055
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

News:
So, what can Chrome users do? After entering in a credit card on a website and completing the transaction, you should "Clear saved Autofill form data," "Empty the cache," and "Clear browsing history" from the past hour.

If you install the Click&Clean extension for Chrome you can set it to do this automatically and not worry about it.

 SPAM-posters beware! ®

  • | Post Points: 20
Top 25 Contributor
Posts 3,563
Points 54,725
Joined: Jul 2004
Location: United States, Massachusetts
ForumsAdministrator
MembershipAdministrator
Dave_HH replied on Fri, Oct 11 2013 1:50 PM

SuperDave FTW! Nice

Editor In Chief
http://hothardware.com


  • | Post Points: 5
Page 1 of 1 (3 items) | RSS