top | item 3633940

Secuity flaw in Google Chrome?

1 points| skid | 14 years ago | reply

I was at a friend's party a week ago and he was playing music on youtube. I mistakenly logged into his Google Chrome (this is a recent feature) with my google account and logged out immediately when I realized my mistake.

Some days later I logged in and connected my own Google Chrome with my google account. I got all the friend's bookmarks, which is ok. A day later, I opened the browser and tried to log into gmail (I didn't have the "remember me" option turned on) and I got my friends email AND password pre-filled in the gmail login form. I could read his password with document.getGetElementById('Passwd').value.

Has anyone also done this? Google is apparently syncing your passwords unencrypted.

4 comments

[+] capocani|14 years ago|reply

Not a security flaw, you just synced his browser settings with your account. The proper way to log into another person's Chrome is by adding a new user in the "Personal Stuff" area first.

[+] skid|14 years ago|reply

I think the security flaw here is that google is keeping your password unhashed somewhere on their servers.