Security Researchers Find Google Chrome User Cache Exposes Sensitive Data
Security researchers at Identify Finder said they performed a series of deep scans on several employee computers using the latest version of Sensitive Data Manager (SDM). The scans revealed a bunch of Chrome SQLite and protocol buffers storing user information such as names, addresses, email addresses, phone numbers, bank account info, credit card details, and even social security numbers.
"We confirmed with each employee that sensitive data, such as social security and bank account numbers, were only entered on secure, reputable websites," claims Identity Finder.
Your personal information is stored in here.
Chrome saved copies of the above mentioned data in the History Provider Cache, while other SQLite databases "of interest" include Web Data and History.
Since Chrome's browser data isn't protected, it would be relatively easy for a person to dig up the info with physical access to the system's hard drive, access to the file system (such as a shared network), or by using malware. That isn't just a theory -- the company coded a simple proof-of-concept malware designed to trick users into granting access to their file system.
So, what can Chrome users do? After entering in a credit card on a website and completing the transaction, you should "Clear saved Autofill form data," "Empty the cache," and "Clear browsing history" from the past hour. Alternately, you can disable Autofill or use Chrome's incognito browsing mode.