According to CyberArk security researcher Zeev Ben Porat, most Chromium-based web browsers, including the famous Chrome, seem to be affected by this inability to program.
But he is not alone. Both Microsoft Edge and Brave are prone, and even Mozilla's Firefox web browser is affected by the problem.
Which is the subject; That your browser caches all your sensitive data in clear text and not encrypted. To see the saved passwords and names you don't have toehίται φυσική παρουσία στο μηχάνημα-στόχο, ούτε δικαιώματα διαχειριστή, καθώς η απομακρυσμένη πρόσβαση ή ακόμα και η εκτέλεση ενός malware λογισμικού στο μηχάνημα-στόχο είναι επαρκής για την εξtreatment of the data.
Η better safety ελέγχου ταυτότητας δύο παραγόντων ενδέχεται να μην επαρκεί ούτε για την προστασία των λογαριασμών χρηστών, εάν υπάρχουν δεδομένα cookie στη μνήμη.
Security researcher Zeev Ben Porat describes many different types of credential data in text form that can be extracted from the browser's memory. Such as:
- Username + password used when logging in to a targeted web application
- URL + Username + Password are automatically loaded into memory when the browser is started by password management
- All URL + records name username + password stored in login data
- All cookies that belong to a specific web application (including session cookies)
The problem was reported to Google and the response was "it will not be fixed". The reason given is that Chromium will not fix issues related to physical local access attacks.
Try your own browser
Windows users can use free Process Hacker tool to test their browsers.
Simply download the portable version of the program, extract its zip file and run the file Processhacker.exe to get started. Then do the following test:
Step 1: Enter a username, password or other sensitive data in a random σελίδα in the browser you want to test.
Step 2: Double-click the main browser process in the Process Hacker process list for details.
Step 3: Go to the Memory tab.
Step 4: Turn it on button Strings on the page.
Step 5: Click OK on the page.
Step 6: Activate the Filter button in the window that opens and select "Contains" from the context menu.
Step 7: Enter the password of step 1 or other sensitive information in the "Enter the filter pattern" field and select ok.
Process Hacker will return your data if it is found in process memory.