Unencrypted data takes shine off Chrome
November 19, 2013

Many browsers, by storing commonly used data, can make life easier, especially when it comes to filling out online forms. But the recent Google Chrome vulnerability has showed that storing this data such as names, addresses, and credit card numbers, might not be such a good idea.

Recent findings from Identity Finder revealed that Google Chrome users may be at risk of unwanted parties accessing their information. Identity finder discovered that the search engine giant's data caching was storing bank account details, social security numbers and other personal records without user consent and in plain text that malware or anyone with physical access to the program could read. 

Since Chrome is the world's leading browser and the problem affects nearly all its users, more than half of all Internet users' data is vulnerable, according to Identity Finder. 

"By default, Google Chrome stores form data, including data entered on secure websites, to automatically suggest for later use," said Todd Feinman, CEO at Identity Finder. "This stored data is unencrypted text and accessible if your computer or hard drive is stolen or is infected with malware."

Identity Finder noted that Chrome's vulnerability could cause businesses to fail payment card industry data security standard (PCI DSS) compliance due to customer credit information's added exposure. 

Only the latest in privacy issues about Chrome
This information follows on criticism about Google's decision to display passwords in plain text, as CNET reported in August. Although the browser nominally hides stored passwords from casual viewing, a few clicks can reveal these details without an option to disable this function. Justin Schuh, security head for Chrome, defended the action by noting that anyone with physical access to someone's operating system can perform numerous malicious actions, and preventing users from seeing saved passwords only provides a false sense of security. 

While Schuh makes a valid point, CNET added that not informing users that their passwords can be viewed with a click also provides a false sense of security. Additionally, Firefox and Safari also both provide a master password option. Password management can be complex, and Google allowing Chrome to display plain text passwords avoids some of the problems that arise when people forget their credentials, but preventing more cautious users from heightening security may have been a misstep. 

Avoiding future security issues
Because of this, even cautious people may have their security efforts undone by their software. While Google remains responsible for fixing this problem, organizations and individuals may want to apply more stringent authentication protocols in their operations and everyday lives. Identity Finder suggested that people always clear saved Autofill data, empty the cache and clear their browsing history after any transaction or exchange of personal details. 

Multi-factor authentication and transaction verification can also eliminate some of the problems related to data caching in Chrome. 

As the digital landscape changes and as users become more reliant on online services, improved authentication methods could play a key role in reducing identity theft and negative impacts from the kind of software problems Chrome experienced.