Your browser saves passwords in plain text in its memory

The Your browser may store sensitive data, including usernames, passwords and session cookies , to clear text in memory. Check how yours behaves.

process hacker

According to CyberArk security researcher Zeev Ben Porat, most Chromium-based web browsers, including the famous Chrome, seem to be affected by this inability to program.

But he's not the only one. Both Microsoft Edge and Brave are susceptible, and even its Firefox web browser are also affected by the problem.

Which is the subject; That your browser caches all your sensitive data in plain text and not encrypted. Viewing stored passwords and names does not require physical presence on the target machine, nor administrator privileges, as remote access or even the execution of malware software on the target machine is sufficient to extract the data.

Η two-factor authentication may not even be sufficient to protect user accounts if cookie data is in memory.

Security researcher Zeev Ben Porat describes many different types of credential data in text form that can be extracted from the browser's memory. Such as:

  • Username + password used when logging in to a targeted web application
  • URL + Username + Password are automatically loaded into memory when the browser is started by password management
  • All URL + username + password entries stored in login data
  • All cookies that belong to a specific web application (including session cookies)

The problem was reported to Google and the response was "it will not be fixed". The reason given is that Chromium will not fix issues related to physical local access attacks.

Try your own browser
process hacker

Windows users can use free Process Hacker tool to test their browsers.

Simply download the portable version of the program, extract its zip file and run the file Processhacker.exe to get started. Then do the following test:

Step 1: Enter a username, password, or other sensitive data on a random page in the browser you want to try.

Step 2: Double-click the main browser process in the Process list , to display details.

Step 3: Go to the Memory tab.

Step 4: Activate the Strings button on the page.

Step 5: Click OK on the page.

Step 6: Activate the Filter button in the window that opens and select "Contains" from the context menu.

Step 7: Enter the password of step 1 or other sensitive information in the "Enter the filter pattern" field and select ok.
Process Hacker will return your data if it is found in process memory.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

chromiumdatehackermemoryPasswordto process

Chromium, memory, data, Process, hacker, password

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).