Chrome, Firefox & Co. affected
Almost all common browsers are affected by an extensive security gap. Attackers could read users’ passwords in plain text from the main memory, security researchers warn. In addition to Google Chrome, Mozilla Firefox and Microsoft Edge are also at risk.
Version:102.0
Languages:German
License:freeware
Platforms:Windows Vista, Windows 7, Windows 8, Windows, Windows 10
Browsers store passwords in plain text
CyberArk Labs security researchers have one Vulnerability in Google’s Chrome browser found, which apparently also exists in Firefox and Edge. According to their own statements, they have succeeded in reading sensitive user data from the main memory. Here, among other things, account and access data, but also the content of cookies, should be visible in unencrypted plain text.
The security experts around Zeev Ben Porat managed to get the data using the small tool “ProcessHacker”. Assuming appropriate access to the computer, the discovered vulnerability can basically be exploited at will. According to CyberArk Labs all browsers that use the Chromium engine are affectedwhich is mainly developed by Google (source: CyberArk Labs).
But according to Windows and security expert Günther Born, Browsers such as Mozilla Firefox affected where Chromium is not used. In all common browsers, it is also possible to load the passwords stored in the password manager into the main memory for further attacks.
More tech news at a glance:
Google is aware of the problem, but dismisses it
According to CyberArk Labs, it has informed Google as the operator of the Chrome browser about the security gap. However, Google is said to have stated that it did not want to close the gap. Such attacks would “outside Chrome’s threat model” are located, according to the published Reason.
There would be “no way” for Chrome to defend against a malicious attackerif they already have access to the system and can run software with the rights of the operating system user account.