That nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.
That’s the biggest takeaway from the results of this test which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are vulnerable to a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:
- The destination where passwords are sent is not checked.
- The location where passwords are requested is not checked.
- Invisible form elements can trigger password management.
Google’s shiny new Chrome browser was among the worst offenders. According to the study, Chrome’s password manager contains multiple unpatched issues that “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”
Read the entire article here
See my blog article on Password Programs here