How To Hack Passwords Using Google Chrome

IT Support Forum Forums Other Technology How To Hack Passwords Using Google Chrome

This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 3 years ago.

  • Author
    Posts
  • #863

    Webmaster
    Keymaster

    Today I found something very scary about Google Chrome and the way it stores passwords! It’s actually possible to view someone’s stored passwords in Google Chrome. This is a really easy hack to view all someones saved passwords:

    1. First log in as the user (or log into their computer administratively, perhaps using Hirens to hack the administrator password, then reset their password or get a copy of their profile and apply it to your account)
    2. Visit the following web page in Google Chrome:

      chrome://settings/passwords

      This will take you to the password settings within Google Chrome, it’s not an actual website

    3. Next, click the password that’s currently unreadable (next to any website you want to see the users password for)
    4. A Show button will then appear next to the password, click Show to see what password the user stored in Google Chrome

    This is a really scary hack because everybody has stored a password at some point. Also because Google Chrome runs in the user context, it’s really easy to write a program / virus that connects to Google Chrome using a handle and read the passwords. Also, most people use the same set of passwords, so probably all their passwords will be stored here and readily available.

    My advice:

    • Secure your computer using BitLocker
    • Secure your computer with a BIOS password
    • Secure your Windows logon with a secure password and username that it’s guessable. Set Windows not to store the last logged in users details at the Welcome screen and not to cache logins
    • Apply all Windows Updates
    • Ensure you have an up to date Antivirus program
    • Alternatively (although, preferably additionally), prevent Google Chrome asking to save passwords and delete all cached passwords from Google Chrome!

You must be logged in to reply to this topic.