Major Web browsers fail password protection tests

Chrome, Safari fail password protection testsThat nifty password management feature in your favorite Web browser could be helping identity thieves pilfer your personal data.

That’s the biggest takeaway from the results of this test which shows that all the major Web browsers — including IE, Firefox, Opera, Safari and Chrome — are vulnerable to a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user’s knowledge. They are:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.

Google’s shiny new Chrome browser was among the worst offenders. According to the study, Chrome’s password manager contains multiple unpatched issues that “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”

Apple’s Safari for Windows browser was also failed a majority of the tests (click image for full version):

Major Web browsers fail password protection tests

Technical details of the test, which was conducted by Chapin Information Services, can be found here.

[Source: zdnet]