Search
Close this search box.
Search
Close this search box.

Why You Shouldn’t Save Your Passwords in Google Chrome?

Shouldn't Save Your Passwords in Google Chrome

Listen to the Podcast:

When registering into a website like Facebook or Twitter, Google Chrome frequently displays a pop-up prompting the user to save their password. At we describe the mechanism used to store and protect passwords and indicate whether it’s safe to select “Save.”

Is It Safe to Save Your Passwords in Google Chrome?

The Google Chrome storage mechanism poses a security risk only if the computer has been previously compromised or exposed, although the use of a database called SQLite3 adds an additional attack vector that could be exploited by cybercriminals, according to ESET, a cyber security firm.

The only known risk associated with this mechanism is the theft of stored credentials. Therefore, it is advised not to use such a database and, if you do, not to retain passwords for essential services that contain personal information, such as:

  • On line bank
  • Social media
  • medical websites

What Happens When You Allow “Store” Your Passwords?

By clicking “accept” when Google Chrome asks “Do you want to save the password? “, the user consents to the saving of the username and password submitted in a website’s login form. This information can be specifically stored in an SQLite3 database located at the following address:

  • %LocalAppData%\Google\Chrome\User Data\Default\Login Data.

This database’s tables contain a variety of fields, with the ” logins ” table containing the most sensitive data, including the ” username value ” and ” password value ” fields. These fields are meaningless without the “origin_url” field, which informs Google Chrome which website the credentials correspond to.

The other fields contribute to the mechanism’s correct operation to a lesser extent. Because of fundamental security concerns, passwords are not stored in plain text. On Windows systems, the browser employs an encryption feature provided by the operating system, CryptProtectData (Crypt32.dll), per ESET.

Is There a Real Danger with This Mechanism in Google Chrome?

Google Chrome’s “Save Password” feature is designed so that encrypted data can only be decrypted by the same user who was logged in at the time the password was encrypted. Additionally, it can be configured to only decrypt data on the same computer on which it was encrypted.

The technological behemoth does not use a password set by the user, but rather the user’s operating system credentials. Therefore, a cybercriminal would be compelled to decrypt them by logging in as the same user who created them and transmitting them.

If an attacker gains access to the computer, they could readily obtain and decrypt the plaintext passwords if this mechanism is used to store them.

This type of behavior has been observed in multiple malicious codes, including Latin America-specific banking Trojans designed to capture login credentials for online banking sites.

How Do Attacks with Your Passwords Work?

In these attacks, the cybercriminal can obtain both the structure and the contents of the tables. For instance, they could attempt to log in to Facebook using false credentials and then select the option for Google Chrome to store the credentials.

Once the username and password have been saved to the browser’s database, the user can locate the file that contains this information and access it with a database-viewing program, such as DB Browser for SQL Lite.

From there, they can locate the entries in the ” logins ” table that contain login information, such as:

  • URL
  • Username
  • Encrypted password.

The stored password is encrypted in a BLOB structure (binary large objects, such as images or audio files), and the program displays its hexadecimal representation when the user clicks on that field.

The perpetrator now has the encrypted username, website, and password, and only needs to decrypt it. Since the active user is likely to be the same one who previously saved the password, an attacker with access to the computer in question can easily decrypt the password using Crypt Unprotect Data as opposed to DB Browser.

Anyone with physical or remote access to the computer can perform these actions, so it’s important to use a strong and unique password for each account, enable two-factor authentication, exercise caution when allowing Google Chrome to save passwords, and keep your computer’s security up to date, according to ESET.


Subscribe to Our Newsletter

Related Articles

Top Trending

Motorcycle Movies on Netflix
30 Best Motorcycle Movies on Netflix of All Time to Watch Now
Best Places to Visit in Chennai
Discover 40 Best Places to Visit in Chennai for an Unforgettable Experience
Does Gibbs Leave NCIS
Why Did Agent Gibbs Depart From NCIS? The Mystery Behind His Exit
Blake Griffin Announced Retirement from NBA
6 Time All-Star Blake Griffin Announced Retirement from NBA After 14 Seasons
NASA Space Debris Florida Roof Damage
Space Debris Alert: NASA Confirms Its Trash Damaged a Florida Roof

LIFESTYLE

pohela boishakh 2024
Pohela Boishakh: Celebrating Bengali Culture and Heritage Festivities
Korean Beauty Secrets
10 Korean Beauty Secrets for Youthful Energy: Stay Young & Vibrant
Ancient Philosophers Guide to Happiness
Unlocking Happiness: Timeless Lessons from Ancient Philosophers
eid decor diy
Eid Decor DIY: 15 Creative Ideas to Spruce Up Your Home for the Festivities
50 Worries to Leave Behind When You Hit 50
Top 50 Worries to Leave Behind When You Hit 50 - A Guide

Entertainment

Motorcycle Movies on Netflix
30 Best Motorcycle Movies on Netflix of All Time to Watch Now
Does Gibbs Leave NCIS
Why Did Agent Gibbs Depart From NCIS? The Mystery Behind His Exit
Pokemon Go Updates Avatars Maps Photos
Pokemon Go Update: New Changes to Avatars, Map, Photos & More
Underrated Comedies
Top 30 Underrated Comedies You Need to Watch Now [2024 Updates]
Weston Bahr
The Success Story of Weston Bahr: From Nailed It! to Hollywood

GAMING

Pokemon Go Updates Avatars Maps Photos
Pokemon Go Update: New Changes to Avatars, Map, Photos & More
Apple's First Approved iPhone Emulator Launches
Apple's First Approved iPhone Emulator Launches, Then Gets Removed
Prime Gaming
Is 2024 the Year Prime Gaming Takes Off?
Online Games for Stress Relief
Finding Calm in the Click: A Comparative Look at Online Games for Stress Relief
Apple Introduces Retro Game Emulators App Store
App Store Welcomes Retro Game Emulators: Apple's New Gaming Era

BUSINESS

Goldman Sachs Crushes Estimates
Goldman Sachs Crushes Estimates: Stock Jumps on Stellar Q1 2024
Strongest and Weakest Currencies of Africa
List of 10 Strongest and Weakest Currencies of Africa in 2024
Låne Penger Til Depositum
Låne Penger Til Depositum – Taking Out a Loan for Deposit
Fees & Expenses in Mutual Fund Investments
Navigating Fees & Expenses in Mutual Fund Investments: A Beginner's Guide
How to Deliver Effective Customer Service Training
Empowering Your Team: How to Deliver Effective Customer Service Training

TECHNOLOGY

Google One VPN Ends
Google One VPN Ends, Pixel VPN Upgrades Coming Soon!
How to Translate Video to English Online
How to Translate Video to English Online [Updated]
AI Photo Enhancers Online
Top 6 AI Photo Enhancers Online to Improve Image Quality
Google Pixel 9 Pro vs. Pixel 8 Pro
Google Pixel 9 Pro vs. Pixel 8 Pro: Top Expected Upgrades Revealed!
adthena alternatives
Top Adthena Alternatives in 2024: Competitor Analysis Tools for Market Intelligence

HEALTH

Rock Hudson Last Days
Rock Hudson's Last Days: The Untold Story of His Final Moments
Best Stress Relief for Each Zodiac Sign
Relaxation by the Stars: Best Stress Relief for Each Zodiac Sign
Covid 19 No Link Asthma Risk Study
COVID-19 Does Not Raise Asthma Risk, Researchers Confirm
Williams Syndrome Famous People
5 Famous People in the World Dealing With Williams Syndrome [2024 Update]
5 Reasons You Should Go for Facelift Surgery
5 Reasons You Should Go for Facelift Surgery