Your browser may store sensitive data, including usernames, passwords, and session cookies, in plain text in memory. Check how yours behaves.
According to CyberArk security researcher Zeev Ben Porat, most Chromium-based web browsers, including the famous Chrome, seem to be affected by this inability to program.
But he is not alone. Both Microsoft Edge and Brave are prone, and even Mozilla's Firefox web browser is affected by the problem.
Which is the subject; That your browser caches all your sensitive data in plain text and not encrypted. Viewing stored passwords and names does not require physical presence on the target machine, nor administrator privileges, as remote access or even the execution of malware software on the target machine is sufficient to extract the data.
Two-factor authentication security may not even be enough to protect user accounts if there is cookie data in memory.
Security researcher Zeev Ben Porat describes many different types of credential data in text form that can be extracted from the browser's memory. Such as:
- Username + password used when logging in to a targeted web application
- URL + Username + Password are automatically loaded into memory when the browser is started by password management
- All URL + username + password entries stored in login data
- All cookies that belong to a specific web application (including session cookies)
The problem was reported to Google and the response was "it will not be fixed". The reason given is that Chromium will not fix issues related to physical local access attacks.
Try your own browser
Windows users can use free Process Hacker tool to test their browsers.
Simply download the portable version of the program, extract its zip file and run the file Processhacker.exe to get started. Then do the following test:
Step 1: Enter a username, password, or other sensitive data on a random page in the browser you want to try.
Step 2: Double-click the main browser process in the Process Hacker process list for details.
Step 3: Go to the Memory tab.
Step 4: Activate the Strings button on the page.
Step 5: Click OK on the page.
Step 6: Activate the Filter button in the window that opens and select "Contains" from the context menu.
Step 7: Enter the password of step 1 or other sensitive information in the "Enter the filter pattern" field and select ok.
Process Hacker will return your data if it is found in process memory.