latest updates from easySERVICE™
Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, into website forms, experts say.
Additional steps are necessary because Chrome will store the data in plaintext in its Web history log on the hard drive. The browser retrieves the information as needed to avoid having the user retype the same data into other forms.
Researchers at Identity Finder created proof-of-concept malware that could take the data and send it to a third party. The security vendor claims Google could make the process more difficult for hackers by having the browser encrypt the data before it is stored.
Chrome lets the operating system encrypt the data, if that’s how the user has the OS configured. With Windows, Microsoft offers full disk encryption through its BitLocker feature.
“It would be harder to get at the data (if encrypted),” Aaron Titus, chief privacy officer for Identity Finder, said.
Google said the vendor is making a lot out of nothing because Chrome gives the user full control over how it stores data.
“Chrome asks for permission before storing sensitive information like credit card details, and you don’t have to save anything if you don’t want to,” the company said in a statement sent to CSOonline.
“Furthermore, data stored locally by Chrome will be encrypted if supported by the underlying operating system.”
Other experts did not consider Chrome’s handling of personal data a serious problem.
“I believe it makes sense to store the Web history information in an encrypted format to avoid this information leakage problem, but it is not a critical issue,” Wolfgang Kandek, chief technology officer for Qualys, said.
Malware written to steal information from a PC would go after much more than a browser history log, Kandek said. For example, the malicious software would likely intercept keystrokes to steal credentials used on websites and grab data from unlocked password stores.
Source: Associated Press