by Al Sacco

Google DOES Care About Chrome Password Security…Sort of (Maybe)

Nov 04, 20132 mins
Chrome OSOperating SystemsSecurity

A new feature in the latest build of the Chrome browser for Mac lets users protect saved passwords, which suggests Google may have reversed its position on a previously-identified Chrome security risk.

It’s remarkably simple to discover all of the passwords saved in a person’s Chrome Web browser, if you can gain access to that browser while they’re still logged in. I wrote a post about this back in August, titled “How to Steal Passwords Saved in Google Chrome in 5 Simple Steps.”

Chrome for Mac saved password security

The issue got a lot of attention in the press, and at the time Google Chrome security team member Justin Schuh basically said Google was aware of the lack of password security in Chrome and said that it wouldn’t do anything about it either. Schuh argued that if a Bad Guy gained access to your browser while you were still logged in, he had already breached your security. Which is true…kind of. But that doesn’t mean Google couldn’t make it a little bit harder to steal passwords saved in Chrome.

And despite Schuh’s comments, it looks as though Google may be taking steps to better protect those passwords…kind of.

Google’s François Beaufort yesterday posted about a new feature in Chrome for Mac that prompts users for Mac system passwords when they try to view passwords stored in the browser. The password information still appears to be stored in plain text and not encrypted or otherwise protected. But the prompt for a system password is a step in the right direction.

The safeguard is only in the latest build of Chrome for Mac, and it is not available for other platforms at this point. But the fact that it was included at all suggests Google at least sees some value in protecting those passwords saved in Chrome.