Google Chrome Extension Steals Login Details

Google Chrome Extension Steals Login Details 155

Posted by kdawson on Saturday July 10, 2010 @02:34PM from the hey-it-was-sitting-there-in-the-dom dept.

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

Google Chrome Extension Steals Login Details

This discussion has been archived. No new comments can be posted.

Search 155 Comments Log In/Create an Account

Comments Filter:

Re:How is this different (Score:3, Interesting)

by binkzz ( 779594 ) writes: on Saturday July 10, 2010 @02:46PM (#32861284) Journal

You are correct, and this "news" article is hardly shocking or news. But I do agree that plugins have too many permissions.for all sites that you browse, and that security could be a lot tighter.

Re:How is this different (Score:1, Interesting)

by Anonymous Coward writes: on Saturday July 10, 2010 @02:57PM (#32861362)

Some check boxes showing which permissions the plugin wants, and which permissions you will give it, would be nice, easy, and effective at preventing something titled as a "bookmark enhancer" from stealing your passwords

Re:UGH! When are you going to learn?? (Score:2, Interesting)

by countertrolling ( 1585477 ) writes: on Saturday July 10, 2010 @03:10PM (#32861412) Journal

They ARE censoring their search results. And they are doing that everywhere, not just China. What makes you think they aren't? Because they say so? Please... stop

Re:How is this different (Score:1, Interesting)

by Anonymous Coward writes: on Saturday July 10, 2010 @03:25PM (#32861456)

Definitely not. Noscript only prevents scripts running on web pages.

Re:How is this different (Score:3, Interesting)

by yoyhed ( 651244 ) writes: on Saturday July 10, 2010 @04:36PM (#32861764)

I agree with your sentiments. However, note that in IE it does NOT warn you at all - that's not good. There should be one warning.

However, that's beside my point. I was just demonstrating that Chrome has plenty of warning for installing an extension, and that people should not get their panties in a bunch because *gasp* users ignoring a warning about downloading and installing software from third parties can lead to malicious code execution.

Re:How is this different (Score:1, Interesting)

by Anonymous Coward writes: on Saturday July 10, 2010 @04:45PM (#32861816)

Funny you should mention NoScript, since that's a plugin that's already been involved in its own scandal [hackademix.net]. Not as bad as stealing login information but still a breach of the users' trust.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Google Chrome Extension Steals Login Details 155

Google Chrome Extension Steals Login Details More Login

Google Chrome Extension Steals Login Details

Re:How is this different (Score:3, Interesting)

Re:How is this different (Score:1, Interesting)

Re:UGH! When are you going to learn?? (Score:2, Interesting)

Re:How is this different (Score:1, Interesting)

Re:How is this different (Score:3, Interesting)

Re:How is this different (Score:1, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot