Brian H. Madsen
Computer says no

OMG!! Chrome (Google’s browser) indexes HTTPS pages – even online banking details

September 5th 2008 in 2533

This would seriously have been one of the biggest mistakes known to man if it wasn’t for the fact that people actually downloaded it!

Chrome, which is Google’s new answer to the web browsing war, has revealed a serious flaw in it’s search and indexing. Nevermind the fact that Chrome is meant to keep processes in a single tab, rather than spreading it out as a single instance/process, but obviously something wrong has happened when the guys at Google didn’t even bother to check against something this simple before throwing it out to the public.

I for one (even with my MSFT hat on) is going to steer as far away from Chrome as is humanly possible.

“Thinking like a hacker, my first plan of attack was to enumerate or list the financial services.  After enumeration, I could drill down into the exact accounts and transactions.  By simply typing in Visa, Mastercard, account and the names of popular banks you can find the types of accounts and which institution they belong to.  In my case, Capital and Washington worked just fine.  To get my account balance, I just typed in “balance” and to get transaction information I entered “transaction”.  Typing in “costco” pulled up how much I spent on my last trip.”

I wonder how long it’ll take for hackers, malware, spyware and virus writers up there to hook into some of these nifty little inbuilt features.

Well done Google for thinking on such an advanced level – you’re simply so far ahead of the competition that it blows my mind. Honestly, you’ve even managed to get extremely far ahead of the malicious people out there that you’ve provided them with such an excellent tool.

To read the full story (AFTER you’ve uninstalled Chrome that is), go here:

TG Daily – Chrome is a security nightmare, indexes your bank accounts

Technorati Tags: ,,


required - won't be displayed

Your Comment:


Another public call goes out.
i used to have an application which would list my remote desktop connections/terminal services connections and make it easy to connect from a single catalog, but i’ve forgotten what the application name was.
Can anybody recall a (any will do) program which would give me an easy overview of the remote desktop […]

Previous Entry

The saying goes “you are what you eat!”..Well, to me that’s a superficial statement and i think it’s far more important to remember “You are what you do!” instead. I’m a father of two beautiful, intelligent and well-rounded girls and they’re without a doubt the biggest blessings in my life. A day doesn’t go […]

Next Entry

  • An error has occurred, which probably means the feed is down. Try again later.