OLV Basiliek Zwolle

Main Menu

  • Home
  • Browser list
  • Browser software
  • Browser types
  • Browser news

OLV Basiliek Zwolle

Header Banner

OLV Basiliek Zwolle

  • Home
  • Browser list
  • Browser software
  • Browser types
  • Browser news
Browser types
Home›Browser types›Your browser stores passwords and sensitive data in clear text in memory

Your browser stores passwords and sensitive data in clear text in memory

By Ronnie A. Huntsman
June 12, 2022
0
0

According to Zeev Ben Porat, security researcher at CyberArk, your web browser can store sensitive data, including usernames, passwords, and clear-text session cookies.

Most Chromium-based web browsers seem to be affected, including Google Chrome. Microsoft Edge has been tested for weakness and it has been affected by it as well. A quick test on a local Windows 11 system confirmed that browsers such as Brave and Mozilla’s Firefox web browser are also affected by the issue.

Physical access to the target machine is not required, as remote access or access to software running on the target machine is sufficient to extract the data. Mining can be done from any non-elevated process running on the same machine.

If it is necessary for the user to enter credentials such as usernames and passwords before they can be retrieved, Zeev Ben Porat notes that it is possible to “load into memory all passwords that are stored in the password manager”.

The security of two-factor authentication may not be sufficient to protect user accounts either, if session cookie data is also present in memory; mining the data can lead to session hijacking attacks using the data.

The security researcher describes several different types of plain-text credentials that can be retrieved from browser memory.

  • Username + password used when logging into a targeted web application
  • URL + Username + Password automatically loaded into memory when starting the browser
  • All records of URL + username + password stored in login data
  • All cookies belonging to a specific web application (including session cookies) Testing your browsers

The issue was reported to Google and it was promptly given a “will not be fixed” status. The reason given is that Chromium will not solve any problems related to local physical access attacks.

Zeev Ben Porat published a follow-up post on the CyberArk blog, which describes mitigation options and different types of attacks to exploit the issue.

How to test your browsers

Windows users can use the free tool process hacker to test their browsers. Just download the portable version of the program, extract its archive and run the Process Hacker executable to get started.

Enter a username, password or other sensitive data in the browser you want to test.

  1. Double-click the main browser process in the process list to view details.
  2. Switch to the Memory tab.
  3. Activate the Channels button on the page.
  4. Select OK on the page.
  5. Activate the Filter button in the window that opens and select “contains” from the context menu.
  6. Type the password or other sensitive information in the “Enter filter pattern” field and select ok.
  7. Process Hacker returns data if it is in process memory.

Now you: is your browser affected by this? What is your opinion on the matter? (Going through Born)

Summary

Your browser stores passwords and sensitive data in clear text in memory

Article name

Your browser stores passwords and sensitive data in clear text in memory

The description

According to Zeev Ben Porat, security researcher at CyberArk, your web browser can store sensitive data, including usernames, passwords, and clear-text session cookies.

Author

Martin Brinkman

Editor

Ghacks Technology News

Logo

Ghacks Technology News

Advertising

Categories

  • Browser list
  • Browser news
  • Browser software
  • Browser types

Recent Posts

  • Secret Mode: Huawei Browser vs. Samsung Internet
  • Beagle Button: Could this browser extension help you save money?
  • 7 must-see space websites that will change your perception of the cosmos
  • Browser Games Market Size Research Reports and Industry Analysis | Alien Hominid, Bejeweled, Meat Boy – Indian Defense News
  • Attackers can use “Scroll to Text Fragment” web browser feature to steal data – research

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • Privacy Policy
  • Terms and Conditions