{"id":3813,"date":"2013-10-21T12:30:28","date_gmt":"2013-10-21T16:30:28","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=3813"},"modified":"2013-10-21T12:30:28","modified_gmt":"2013-10-21T16:30:28","slug":"chromes-effort-at-efficiency-may-leave-users-vulnerable","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/10\/21\/chromes-effort-at-efficiency-may-leave-users-vulnerable\/","title":{"rendered":"Chrome’s effort at efficiency may leave users vulnerable"},"content":{"rendered":"

Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, into website forms, experts say.<\/p>\n

Additional steps are necessary because Chrome will store the data in plain text in its web history log on the hard drive. The browser retrieves the information as needed to avoid having the user retype the same data into other forms.<\/p>\n

Researchers at Identity Finder created proof-of-concept malware that could take the data and send it to a third party. The security vendor claims Google could make the process more difficult for hackers by having the browser encrypt the data before it is stored.<\/p>\n

Chrome lets the operating system encrypt the data, if that\\’s how the user has the OS configured. With Windows, Microsoft offers full disk encryption through its BitLocker feature.<\/p>\n

“It would be harder to get at the data (if encrypted),” said Aaron Titus, chief privacy officer for Identity Finder.<\/p>\n

Google said the vendor is making a lot out of nothing because Chrome gives the user full control over how it stores data.<\/p>\n

“Chrome asks for permission before storing sensitive information like credit card details, and you don\\’t have to save anything if you don\\’t want to,” the company said in a statement sent to CSOonline. “Furthermore, data stored locally by Chrome will be encrypted if supported by the underlying operating system.”<\/p>\n

Security assessment is ongoing<\/p>\n

Identity Finder specializes in software that finds sensitive information on PCs, so it’s not surprising that it recommends better data management. For example, browser makers could detect when someone is typing in a credit card number and not store the data.<\/p>\n

“Chrome, and probably browsers and other programs in general, need to deploy sensitive data management practices,” Titus said.<\/p>\n

chrome security<\/p>\n

Other experts did not consider Chrome’s handling of personal data a serious problem.<\/p>\n

“I believe it makes sense to store the web history information in an encrypted format to avoid this information leakage problem, but it is not a critical issue,” said Wolfgang Kandek, chief technology officer for Qualys.<\/p>\n

Malware written to steal information from a PC would go after much more than a browser history log, Kandek said. For example, the malicious software would likely intercept keystrokes to steal credentials used on websites and grab data from unlocked password stores.<\/p>\n

Where extra precautions need to be taken is when a person sells or gives away an older PC. “If their hard drive is sold on something like eBay and was not properly wiped they are clearly at risk,” said Paul Henry, computer forensics specialist for Lumension.<\/p>\n

To avoid having sensitive data accessed, sellers need to reformat their hard drives before handing the system to a buyer, Kandek said.<\/p>\n

But if the computer user is savvy enough not to save credentials or to regularly clear the browser cache, then the storing of history logs becomes a “non-issue,” Henry said.<\/p>\n

via Chrome’s effort at efficiency may leave users vulnerable | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,9],"tags":[190,849],"class_list":["post-3813","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-chrome","tag-privacy"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Zv","jetpack-related-posts":[{"id":9938,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/google-antitrust-ruling-breakdown-what-this-means-for-chrome-and-search\/","url_meta":{"origin":3813,"position":0},"title":"Google Antitrust Ruling Breakdown – What This Means for Chrome and Search","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/ELXjmrnN1uM The panel breaks down the antitrust ruling that could force Google to sell Chrome, stop paying Apple billions for default search placement, and fundamentally reshape the internet. This is just one explosive topic from This Week in Tech - we also discuss AI's environmental impact and the government's security\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ELXjmrnN1uM\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":3813,"position":1},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9511,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/22\/millsplain-it-to-me-this-week-in-tech-702\/","url_meta":{"origin":3813,"position":2},"title":"Millsplain It to Me – This Week in Tech 702","author":"NCCT","date":"January 22, 2019","format":false,"excerpt":"https:\/\/youtu.be\/EtTfFJVBZ6s -Apple's Tim Cook Calls for Data Privacy. -773M Passwords Pwned - How to Find Out If Yours Was. -Amazon Tries to Make Alexa Sound \"Newsy.\" -Google Buys Fossil. -74% of Facebook Users are Clueless. -Facebook's 10 Year Challenge. -Atari Founder Making Alexa Board Games. -Stop Using Windows Phone! -Tokyo\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/EtTfFJVBZ6s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9297,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/02\/11\/this-week-in-tech-653-x-stands-for-nothing\/","url_meta":{"origin":3813,"position":3},"title":"This Week in Tech 653: X Stands for Nothing","author":"NCCT","date":"February 11, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9vdjtG9ozeQ HomePod should have been delayed longer. Elon Musk's rollercoaster week: Falcon Heavy sends a Tesla to Mars just as Tesla has its worst quarter ever. iPhone boot code leaked online. Chrome will shame insecure websites. YouTube suspends Logan Paul for generally being a horrible human being. Rethinking Facebook and\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9vdjtG9ozeQ\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9804,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/maximum-iceland-scenario-data-caps-3rd-party-android-stores-nuclear-amazon\/","url_meta":{"origin":3813,"position":4},"title":"Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/P5MkCwktKz0 Data Caps, 3rd Party Android Stores, Nuclear Amazon \u2022 Google must crack open Android for third-party stores, rules Epic judge \u2022 Google asks 9th Circuit for emergency stay, says Epic ruling \u2018is dangerous\u2019 \u2022 Canceling subscriptions is about to get easier \u2022 The FCC is looking into the impact\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/P5MkCwktKz0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9430,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/05\/the-prosecco-experience-this-week-in-tech-691\/","url_meta":{"origin":3813,"position":5},"title":"The Prosecco Experience – This Week in Tech 691","author":"NCCT","date":"November 5, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9Pm9vDm1-sg Apple\u2019s new Macs and iPads, CIA\u2019s not-so-secret websites, Twitter voter suppression, and more. -- Apple announces new MacBook Air and Mac Mini, then blows them both away with its new iPad Pro. -- Apple will no longer tell us how many iPhones it sells. -- How to kill an\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9Pm9vDm1-sg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=3813"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3813\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=3813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=3813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=3813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}