OMG!! Chrome (Google’s browser) indexes HTTPS pages – even online banking details

This would seriously have been one of the biggest mistakes known to man if it wasn’t for the fact that people actually downloaded it!

Chrome, which is Google’s new answer to the web browsing war, has revealed a serious flaw in it’s search and indexing. Nevermind the fact that Chrome is meant to keep processes in a single tab, rather than spreading it out as a single instance/process, but obviously something wrong has happened when the guys at Google didn’t even bother to check against something this simple before throwing it out to the public.

I for one (even with my MSFT hat on) is going to steer as far away from Chrome as is humanly possible.

“Thinking like a hacker, my first plan of attack was to enumerate or list the financial services.  After enumeration, I could drill down into the exact accounts and transactions.  By simply typing in Visa, Mastercard, account and the names of popular banks you can find the types of accounts and which institution they belong to.  In my case, Capital and Washington worked just fine.  To get my account balance, I just typed in “balance” and to get transaction information I entered “transaction”.  Typing in “costco” pulled up how much I spent on my last trip.”

I wonder how long it’ll take for hackers, malware, spyware and virus writers up there to hook into some of these nifty little inbuilt features.

Well done Google for thinking on such an advanced level – you’re simply so far ahead of the competition that it blows my mind. Honestly, you’ve even managed to get extremely far ahead of the malicious people out there that you’ve provided them with such an excellent tool.

To read the full story (AFTER you’ve uninstalled Chrome that is), go here:

TG Daily – Chrome is a security nightmare, indexes your bank accounts

Technorati Tags: ,,