Sensitive data like social security numbers and credit card information is being stored by Google Chrome, leaving the data vulnerable to sniffing by attackers, according to researchers.
An examination “pinpointed several Chrome SQLite and protocol buffers storing a range of information including names, email addresses, mailing addresses, phone numbers, bank account numbers, social security numbers and credit card numbers,” according to a blog post.
Researchers at Identity Finder examined multiple computers of employees who regularly use the Chrome browser, and confirmed with the users that the sensitive data being stored had only been entered into “secure, reputable websites” but was saved by Chrome in the History Provider Cache and possibly the Web Data and History databases.
“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware. There are dozens of well-known exploits to access payload data and locally stored files,” the researchers stated.
“An attacker would only have to trick a user into permitting access to their file system. Attackers could acquire vast amounts of personal information without requiring users to enter anything into a form, or system credentials. In addition, someone with access to a hard drive, for example after a computer is sold on Craigslist, would have access to all of this information, even if it is deleted.”
Read More Here…