Security flaws in Google Chrome could enable attackers to capture personal data stored in the browser’s history files, researchers said Friday.
In a blog posted last week, researchers at security firm Identity Finder outlined methods for accessing personal data from Chrome’s History Provider Cache, even if the data has been entered on a secure website. Some data also may be accessible through Chrome’s Web Data and History databases, the researchers say.
The researchers found flaws in Chrome’s SQLite and protocol buffers, which sometimes store personal information such as names, email addresses, mailing addresses, phone numbers, bank account numbers, social security numbers and credit card numbers.
“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware,” the blog states. “There are dozens of well-known exploits to access payload data and locally stored files.”