In association with heise online

14 December 2008, 16:03

Google Chrome bottom in Password Security


According to Richard Chapin, Google's Chrome scored lowest in a test of password management security, but other browsers didn't fare much better. The security expert found security flaws in the Firefox 2 password management two years ago. He tested Google Chrome during its beta period, and Chapin's company, Chapin Information Services (CIS), had reported three bugs in Chrome that were not fixed by release time. Chapin said that, along with seventeen other issues in Chrome's password manager, they created "a toxic soup of potential vulnerabilities that can coalesce into broad insecurity".

Safari 3.2 for Windows was also added to the CIS testing, and "essentially tied for the worst password manager" with Chrome. CIS's tests are made up of 21 specific checks to ensure the browsers are not easily fooled into giving up the password information that they have remembered for the browser user. Phishers could exploit these flaws to trick a browser into disclosing a username and password for a third party's site.

Interestingly, Google Chrome was the only major browser that passed one test: not filling in a form when auto-complete is set to off. This only brought its score up to 2, however, the same score as Safari. No browser scores well on Chapin's tests. The "winner" was Opera 9.62, which only passed 7 of the 21 tests. CIS have a test suite which allows users to evaluate their own browser against the CIS tests.

