We all know very well that many users point out that, if we need local access to take advantage of a discovered vulnerability, it is not really a problem of such severity. However, today in this article we will tell you about a new vulnerability of Google Chrome through which anyone with the local access can steal Chrome data easily.
You Can Steal Chrome Data (If You Have Local Access)
Many point out that, if we need local access to take advantage of a discovered vulnerability, it is not really a problem of such severity. On the other side, we have those who think that, with the huge number of methods to get local access to a device, it matters little whether the vulnerability can be exploited remotely or with local access. Whatever your position, today we will tell you about a vulnerability that allows stealing data from Google Chrome if we have local access to the PC (including passwords).
So, today in this article we will explain how easy it is to steal Chrome passwords from any PC. The tech giant Google’s Chrome browser is the most widely used on the planet, which focuses many glances and makes the security holes come out first. For that reason, with each new version, we usually have a long string of applied patches and rewards paid to their discoverers.
It is possible to steal Google Chrome data if we have local access to the PC
According to the sources, a security flaw in Google Chrome that has just been revealed allows any user to access information stored by the browser. In this case, we talk about passwords, bookmarks, history and the data of auto-filling of forms.
In order for the security failure to remain active, it is necessary that the current user of the computer uses the Google Chrome browser and, in addition, have a session started on the computer. First, you must close from “chrome://settings/people” and then re-start it, but this time with another Gmail account.
When we do, we will be shown a message indicating that recently that profile has been used by another user. At that point, two options will be given. The first one is to mark “It’s not my profile” and the second is to mark “It’s my profile”. In the second case, we are warned that we will proceed to “add my bookmarks, my history, my passwords and other configuration options” to the new account.
From there, if we visit “chrome://settings/?Search=password” we can see all the passwords stored by the old user in the browser. At the moment, everything indicates that Google does not plan to solve this security failure because it is something that can only be done locally. However, we would like to request from here the implementation of some type of additional security to prevent it from being used for purposes contrary to the originals.
The tech giant Google has already made it clear that they have no intention of solving this error, and in a way it is normal, because although it bothered to cover this failure, there would still be many other ways by which a user with local access to a computer could be done with this information, not only in addition to Google Chrome but of virtually any program.
Since these failures do not interest the developers, we must take care of our data ourselves to avoid being stolen locally, for example, blocking the computer whenever we are not sitting in front of it.
So, do you think that local security failures are less important than remote ones? Simply share your views and thoughts in the comment section below.