Google's Chrome browser has a security flaw that gives users easy access to see the saved passwords on the web browser.
So beware before you share your computer with anyone or rather say before saving any passwords in chrome ;)
Source: http://blog.elliottkember.com/chromes-insane-password-security-strategy
This will happens for passwords that you have told Chrome to save.
How does it works?
1. Launch Chrome browser and login to google/gmail account
2. Copy below URL:
chrome://settings/passwords
3. Paste in Chrome's Address bar (Omnibox) and hit Enter
Open the Password Settings Page
Hover Mouse over one of the passwords
Click on Show button and your password is exposed!!!
Google says it's not going to change anything. Justin Schuh, the head of the Chrome security team, says that the only real way to keep your Chrome account safe is to never give anyone you don't trust access to the account.
"The only strong permission boundary for your password storage is the OS user account," he says, "So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater."
This is sort of a crazy attitude.
This was originally discovered by Elliott Kember who rightly points out:
"Today, go up to somebody non-technical. Ask to borrow their computer. Visit chrome://settings/passwords and click “show” on a few of the rows. See what they have to say."
So beware before you share your computer with anyone or rather say before saving any passwords in chrome ;)
Source: http://blog.elliottkember.com/chromes-insane-password-security-strategy
