Login credentials (URL/username/password) are stored in Chrome's memory in plain text format.This included the issue of "passwords being stored in the memory of running processes." A nightmare for usersĪfter these findings, the security researcher started to take a closer look at what the Google Chrome browser was up to and could hardly believe his eyes what he found out: He then started looking a little deeper and found that Satyam Singh had already addressed security issues in browsers in his 2015 blog post Browser-based vulnerabilities in web applications.
To his surprise, he found that the password was stored in plain text in several different places in the memory of two of those processes. Spontaneously, he decided to check if a password he had recently entered into the browser appeared in one of these dumps. He had created a mini-dump of all active Chrome.exe processes as part of a project. It's a discovery by chance, what Zeev Ben Porat made. I came across the following tweet on Twitter this week from CyberArk Labs security researchers, who disclose the issue and describe it in more detail in the blog post Extracting Clear-Text Credentials Directly From Chromium's Memory.
0 kommentar(er)
