One wonders why one stores passwords and other sensitive data in the browser (no matter which one) in encrypted form if they are decrypted (plain text) in RAM anyway. This does not only apply to the Google Chrome or Chromium browser, but also to Firefox.
Zeev Ben Porat described this in his post, how he discovered that after launching the browser, sensitive data is stored in RAM unencrypted. When he thinks about it, it’s no wonder there are tools that can extract passwords from browsers. But that’s just an assumption. But if someone gets to your computer without being asked, it would be possible to access this sensitive data.
I tried it once with my Vivaldi, Edge and also Firefox and they all showed me the passwords used. And so it goes on:
- process hackers Download (portable), decompression
- Start the browser and log in somewhere
- Start Hacker Process
- Right click on the browser -> Properties
- Memory tab and then Strings
- In the new window, under Filter -> Contains
- Now enter your password and let it search
I was shown all possible passwords. Zeev Ben Porat also reported this to Google and they quickly responded with “Won’t fix”. 14 weeks later, Chromium made the report public. If you want to read the article in more detail:
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
