Google Inc (NASDAQ:GOOG)’s Chrome browser is so popular that it launched a line of laptops of the same name. However, that popularity may now take a dip as a major security flaw was discovered by data management firm Identity Finder. For those worried about identity theft or privacy, the flaw couldn’t be much worse; it’s far too easy to access e-mail addresses, street addresses, phone numbers, bank account numbers, social security numbers, and even credit card numbers.
Private information is not encrypted
The people of Identity Finder found that any time this information is typed into webforms of trusted websites or directly into the Chrome browser address bar, the data is written directly onto your hard drive in—wait for it—PLAIN TEXT. This is not done with an opt-in or opt-out option, it’s just done without your knowledge or consent.
For anyone who has physical access to your computer, the mining of this data is child’s play, and it’s equally easy to harvest this information if a data collecting trojan horse is installed on your machine.
The function of a browser cache is to store files from websites, mainly to speed up the display of web pages on your next visit.
The risk for information theft is high
“Private information is being served on a silver platter for any criminal industrious enough to gain access,” says Identity Finder CEO Todd Feinman. “This should frighten any consumer or business using Google Inc (NASDAQ:GOOG)’s Chrome.”
This is not the first time that Chrome has been found wanting when it comes to security. Last July, NSS labs determined that between Firefox, Safari, Internet Explorer and Chrome, Google’s browser offers the poorest privacy protection.
“By default Google Chrome stores (web) form data, including data entered on secure websites, to automatically suggest for later use,” says Feinman. “This stored data is unencrypted text and accessible if your computer or hard drive is stolen or is infected with malware.”
Clear your Chrome’s cache, and do it often
Suffice it to say that if you’re reading this on a Chrome browser, stop right now, clear Chrome’s cache and only then please return to this article. Learn how to clear it, do it now, and do it often—at least until this hole is plugged.
“This is no longer a theoretical risk that can be dismissed,” Feinman says. “The fact that these security risks have been hard-coded into Chrome for so long only adds to the urgency for browser makers to secure all stored browser data.”
This fix may not come quickly. However, as it is rooted in the very foundation of Chrome, it could be fixed overnight. “If Google Inc (NASDAQ:GOOG) properly prioritizes this issue with enough resources, it can mitigate this risk very quickly,” Feinman says.
You still here? Clear your cache again please.