The Guardian reports that a security flaw in Chrome allows anyone with access to a computer to view all of the saved logins without requiring any form of authentication.

A serious flaw in the security of Google’s Chrome browser lets anyone with access to a user’s computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.

Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.

Passwords are accessed by clicking the menu icon (top-right), selecting Settings, clicking Show advanced settings at the bottom of the screen and then, in the Passwords and forms section, clicking Manage saved passwords. Passwords are initially obscured, but clicking the obscured password displays a Show button which then reveals the plain text password.

We’ve just tried it here, and it works. Bizarrely, Google’s Chrome developer team, Justin Schuh, is cited as saying Google is aware of the weakness but has no plans to fix it. Worldwide web inventor Tim Berners-Lee described Google’s response as “disappointing”, describing it in whimsical terms as “how to get all your big sister’s passwords.”

Although someone would need physical or remote access to the computer to do this, there are many shared computers in both home and work environments. Although it could be argued that access to the machine allows you to simply login to any of the stored sites directly, the difference here is that you’d be able to note a login and then use it later on a different machine.

Most browsers have a similar password-reveal function, but require a master password to be entered before passwords are displayed. In Safari on a Mac, logins are stored in Keychain, and your Mac password is required to reveal website passwords.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear