Comments on: Got Chrome?

By: Stanley

Stanley — Fri, 05 Sep 2008 09:29:54 +0000

I tried chrome, and I like it quite a lot (too bad it’s windows only for the moment). I will not change from Firefox for now, I like my extensions too much. But maybe Mozilla team could learn something from design decisions behind chrome and incorporate them in Firefox.

And the thing about passwords..Chrome tried to import my passwords from firefox, but it obviously failed. Why?

Ever heard of master password? I was pretty surprised that anyone dealing with (or interested in) security would have their passwords cached without encryption. Or maybe I’m just being paranoid (I even have master-password timeout extension installed). Off you go, set you master password immediately.

By: Tarun Gupta

Tarun Gupta — Wed, 03 Sep 2008 17:20:15 +0000

Google just released a browser chrome which has bad url handeling, Just visit http://ntoolz.net/test/testcrome.html in Google browser and hover the link, do not click and browser will crash…..

If you type about@ or about:@ in address bar (no need to hit enter) it will crash, also

If bookmark is created with a toooo long randon url in address or name then also when clicked the bookmark it will crash…..

By: Aaron Guhl

Aaron Guhl — Wed, 03 Sep 2008 14:13:02 +0000

Having your cached passwords is an issue with a lot of browsers, Firefox and IE included. Cached passwords are easily attainable through Protected Storage when you choose to save your passwords. If you have access to that local account, then you have access to all those stored passwords that you allowed your browser to store. They need to change they way they handle and store passwords, IE and Firefox in particular. Third-party credential managers help. I’ll have to play around with Chrome to see if it is any better without third-party software.

By: Denis

Denis — Wed, 03 Sep 2008 11:21:36 +0000

I’ll try it when there is a NoScript add-on for Chrome

By: John D.

John D. — Wed, 03 Sep 2008 04:48:08 +0000

I haven’t listened to the Network Security Podcast 118. I hope you did consider the entire “if it can encrypt and decrypt on the same system” issue when dealing with local password storage.

As you know, only having something you have isn’t a good password/pass-phrase storage make.

By: Christian

Christian — Wed, 03 Sep 2008 01:30:43 +0000

I’m gonna hold off for a few more days. I’m lazy and rely almost entirely on people such as yourself and the other wonderful SBN members to highlight any glaring security problems

Great post mate!

Cheers,

Christian

By: Martin

Martin — Tue, 02 Sep 2008 23:15:21 +0000

Michael, sorry for the confusion, the fact that passwords are exportable is a problem I have with Firefox, not Chrome. I had never realized before Chrome exported my passwords that they could be exported. And yes, you’re right I should be careful about which passwords I allow the browser to cache.

I’m sure we’ll hear in the next couple of days if there’s any information being sent back to Google. It wouldn’t be a smart thing for them to do, but that doesn’t necessarily mean they’ll do the smart thing. Or that they won’t give in to temptation farther down the line.

By: Michael

Michael — Tue, 02 Sep 2008 22:26:46 +0000

Martin, first off you should not save your password in Firefox. It’s not just Chrome that you should be worried about reading your stored passwords, its things like malware that you should be worried about. Also, Chrome is open source, so if it is phoning home to google with your sensitive browsing information i’m sure someone will raise a big red flag.

By: Imran

Imran — Tue, 02 Sep 2008 21:35:17 +0000

Just downloaded it after a long wait all day. My first take, it looks and feels good. More screen space, tabs on the top instead of underneath the toolbar are better. One of the first issues I have run into is that Chrome is not fully compatible with all web sites, in my case, my most visited site Hotmail, it gave me a little warning message asking me to upgrade my browser or I won’t be able to use all the features of Windows Live Mail, didn’t really miss on any features, everything worked fine, but at least Hotmail thinks it is not compatible, one of the things they will fix in the final version. Haven’t really found anything against it as of yet, will see how it goes.

By: Martin

Martin — Tue, 02 Sep 2008 21:12:26 +0000

Hmm, cookies are another big consideration I’ll have to look at before giving any more of my information to Chrome.

Besides everything else, I don’t think I like the possibility of Google having ALL of my internet traffic as well. If they’re scary with my search history, imagine what they can do if they know everything.