SUMware
Premium
join:2002-05-21
| Google's Chrome Browser - Security & Privacy Issues
Here's a brief summary for those interested:
Chrome is a security nightmare, indexes your bank accounts September 04, 2008
After playing around with Google’s brand new Chrome browser, we’ve discovered that its history search box will fetch all types of data - even text from HTTPS-protected financial sites like Washington Mutual and Capital One. With a few utterly simple keywords like balance, account and Sept., everything from balance information, account numbers and even how much you spent at Costco can be pulled up.
Chrome: Google's biggest threat to your privacy September 4, 2008
The danger comes from one of Chrome's niftiest features, what it calls the Omnibox. The Omnibox is, in fact, the browser's Address Bar, but it has a feature that looks at what you type, and then auto-suggests sites that it thinks you're about to enter. As you type, the suggestions appear.
As you type, your text is sent back to Google, which analyzes it and makes the auto-suggestions. That's why you don't even need to press Enter for the text to head to Google.
Google's New Chrome Browser Vulnerable to Exploits 09/04/2008
On Tuesday, Google released a beta version of its new Chrome browser. One day later, security researchers had already found two significant flaws in its design. |
|
Kiziller
@rr.com
| Good info, but couldn't you have posted this in the main Chrome thread ? »Chrome Browser (Google) combats IE8's Privacy Tools
We don't need to crap up the forum with more shizitt on a subject that is so obsolete already !  |
|
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
| reply to SUMware
While I'm all for keeping similar content in one article. It needs to be kept in mind that many times in larger threads some good information can become overlooked.
"on a subject that is so obsolete already"
I'd also take issue with any such statement above. How can this be an already obsolete subject when the browser was just released? Has Google addressed this in some way that now makes everyone bow to the "do no harm" bs?
--
Test PC Security
Cable Diagnostics
Blog
ZoneAlarm Help Vista x64 Comcast BroadVox Direct |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
 ·Shaw
| reply to Kiziller
said by Kiziller :We don't need to crap up the forum with more shizitt on a subject that is so obsolete already ! Don't like it? Press the back button on the browser...
--
"In the future, that which is not mandatory will be illegal" |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
 ·Clearwire Wireless
| reply to SUMware
Mahalo for posting that SUMware 
Things tend to get lost in megathreads & this is something that I'm glad I didn't overlook. |
|
SUMware
Premium
join:2002-05-21
1 edit | reply to SUMware
My concern reflects the opinions of the above members. Sometimes information can be overlooked in a large thread. This thread was started as a convenience for members.  |
|
EGeezer
Summertime -
Premium
join:2002-08-04
Country!
 ·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to SUMware
Good information - it will be interesting to see haw Google responds to the issues. After this and their copyright statement gaffe, I wonder what else will be uncovered.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis |
|
Kiziller
@rr.com
| reply to SUMware
said by SUMware :Sometimes information can be overlooked in a large thread. Exactly. If that is all the more interest that there is in the subject, then overlooked is right where it belongs. If yer interested enough to read the big thread then you are interested enough to find the info useful. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | True to a degree, but a brief synopsis is worth it's weight in gold.
--
"In the future, that which is not mandatory will be illegal" |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| reply to EGeezer
said by EGeezer :Good information - it will be interesting to see how Google responds to the issues. That's a good question that I hadn't considered.
Judging by it's debut, Google may need something more frequent than a 'patch Tuesday'.
"Patch 2 O'clock" has nice ring to it. |
|
Frodo
join:2006-05-05
Lees Summit, MO
| reply to SUMware
Removal was less than clean. After removing it, I had to manually clear out the folder at C:\Documents and Settings\~userid~\Local Setting\Application Data\Google. That was where the cache was located. Also located there was the history acquired from Firefox. There was also registry settings at HKLM\Software\Google and HKCU\Software\Google. These locations are my recollections, since I've cleared them out, nothing to go back and check on. In C:\Documents and Settings\~userid~\Local Setting\Temp I found the remnants of the googleupdate.exe, somewhat renamed, and a couple of dlls beginning with go*.dll. |
|
Kiziller
@rr.com
| said by Frodo :Removal was less than clean. Seems like I read in another thread that removal was automatic, you just had to wait a couple of hours. Maybe that process was a clean un-install. Since I run Deep Freeze, I just rebooted afer a couple of minutes of fiddling with it. Took 50 seconds to rid my box of all traces. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | "...you just had to wait a couple of hours"?
WTF? Let me get right on that for ya... |
|
Kiziller
@rr.com
| said by Its a Secret :WTF? Let me get right on that for ya... Let me save you the trouble. I'm gonna have that whole big long thread re-quoted in this one just so you won't miss anything. What else do you really not care to know about it ? I'm sure you are using it, aren't you ?
From ; »Chrome Browser (Google) combats IE8's Privacy Tools
said by redhatnation :"Google Update Task uninstalls itself when there is no Google software using it. It may take a few hours for Google Update to detect it is time to uninstall." The automation is cute. Using a standard add/remote method is arguably better though. Now, is that a clean install or does it leave junk behind like Norton ? Be sure to update the other thread with any pertinet info. Don't want anybody to miss anything now. |
|
redhatnation
Premium
join:2005-06-02
Woodbridge, VA
·Comcast
| said by Kiziller :said by Its a Secret :WTF? Let me get right on that for ya... Let me save you the trouble. I'm gonna have that whole big long thread re-quoted in this one just so you won't miss anything. What else do you really not care to know about it ? I'm sure you are using it, aren't you ? From ; » Chrome Browser (Google) combats IE8's Privacy Toolssaid by redhatnation :"Google Update Task uninstalls itself when there is no Google software using it. It may take a few hours for Google Update to detect it is time to uninstall." The automation is cute. Using a standard add/remote method is arguably better though. Now, is that a clean install or does it leave junk behind like Norton ? Be sure to update the other thread with any pertinet info. Don't want anybody to miss anything now. Hey, a quote!
Mine was a clean install/uninstall using Add/Remove Programs applet. The scheduled task hasn't removed itself yet. Been a few days now. |
|
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| reply to Kiziller
said by Kiziller :
Let me save you the trouble. I'm gonna have that whole big long thread re-quoted in this one just so you won't miss anything. What else do you really not care to know about it ? I'm sure you are using it, aren't you ? Wow, you're quick on the uptake, eh?
I guess you have it all covered for us. We don't even need to read anything except your posts to get the skinny, right?
--
"In the future, that which is not mandatory will be illegal" |
|
OZO
Premium
join:2003-01-17
1 edit | reply to SUMware
Re: Google's Chrome Browser - Security & Privacy Issues
Regarding to the history search box and Omnibox. If I can recollect, the story is just repeating itself...
I remember that m$ started collecting users data in IE and kept it in hidden places (folders, index files, registry, etc). Of cause it was done thinking about "user's benefits"... Users have discovered that and start complaining about it - "how can I remove it?" Ok, here is our (m$'s) solution - press on this button and you won't see it anymore (literally). But those, who really want to see it - they still be able to do the job. Later users have discovered that as well and start removing personal data by many different ways (including running in Safe Mode, using hundreds of cleaning programs, etc.). Finally, m$ allowed to clear the records and for those who they called - tin foil hats - even to remove the index file, hoping that NTFS will take good care about it, without any notice for many...
It looks like the same story we have with Google browser too - we see the first step again: "we do it all for user's convenience", of cause... Then, users discover and start to complain that private info may be easily found and seen by anyone. Next step, accordingly to the story - they will hide it from users, until those "smart-asses" will discover all the places, ... What's next? See paragraph above. It could be very similar.
But wait! Now it's even "better". With m$'s approach - your data may be transferred on a month by month interval (when users usually automatically run so-called "Malicious Software Removal Tool"). With this new approach the data may hit the target almost at real time - here is a service running on background. Enjoy the new level of care about you and your data...
--
Keep it simple, it'll become complex by itself... |
|
Frodo
join:2006-05-05
Lees Summit, MO
| reply to Kiziller
said by Kiziller :
Seems like I read in another thread that removal was automatic, you just had to wait a couple of hours. Maybe that process was a clean un-install. Since I run Deep Freeze, I just rebooted afer a couple of minutes of fiddling with it. Took 50 seconds to rid my box of all traces.
Well, I didn't poke around the registry or the folders mentioned until the next day. Meanwhile, the computer had run several hours after the uninstall, and several hours on the next day, before I began to poke around. So, I don't know, but in my case, the uninstall needed a little boost from me. Actually now, I've poked a little more and in C:\Documents and Settings\~userid~\Local Settings\Temp, there is a file "chrome_installer.log" which contained some references that I used for cleaning up. Trouble is, I don't see the same references as when I supposedly "cleaned up" this box, so I can't cite them. That meant that something ran after I thought I had the box cleaned up. However, the file hasn't been touched in 2 days. I think I'll see if I can configure auditing on the file. |
|
danny9
Go Ahead, Make My Day
Premium
join:2002-07-14
Clinton Township, MI
clubs: 
·VoicePulse
·Comcast
| reply to SUMware
Good post SUMware.
Starting this thread separate from the other was the right thing to do.
Let's keep the issues apart from each other.
The privacy issues are what really bother me about Chrome.
As bad as I wanted to try this, I'm gonna wait to read Google's remarks to their Eula and the security and privacy issues you have bought up.
Thanks,
Dan
--
VoicePulse 07/29/04 |
|
FunnyBones
Premium
join:2004-01-22
usa
·Vonage
| Great post on google I think privacy is pretty much killed on the net but some of us that have been in the game for while know how corporations work. I am going to go a bit off topic but think about it like this you have webpages like myspace&facebook that have been logging all your faces in a big database and even youtube. Google has also been logging all your data with intellipedia and google urchin and many other avenues that even include googles cache and others like the internet archive or clusty. I think privacy is becoming a word to make you feel all fuzzy inside sort of like google and open source and I know for one I wont be using it.
Well with all that said I was reading a few blogs that have some nice info....
»www.web-strategist.com/blog/2008···r-chrome
»www.betanews.com/article/The_Goo···20545728
--
Are you part of the cattle? |
|
