How a Chrome Flaw Damages the Google Stock Story

Can you imagine businesses unplugging from Google's (GOOGL 0.65%) popular browser? I can. According to a new flaw report, Chrome may store sensitive data on your hard drive in plain text and without adding encryption.

Source: Google.

The report comes courtesy of Identity Finder, a maker of products for identifying vulnerable spots in corporate networks. Tests of "several" of the company's employee computers found Chrome storing unprotected copies of the most sensitive types of personal data, including names, email addresses, mailing addresses, phone numbers, bank account numbers, Social Security numbers, and credit card numbers.

Nor were the problems isolated. Identity Finder found similar vulnerabilities among all workers who consistently use Chrome as their primary browser, Chief Privacy Officer Aaron Titus wrote in a blog post describing the findings.

"Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware. There are dozens of well-known exploits to access payload data and locally stored files," Titus writes.

As accusations go, this is as serious as it gets for the Google stock story. In June, researcher NSS Labs found that Microsoft, while often excoriated for security lapses, was home to the world's safest browser. Internet Explorer 10 blocked 99.6% of malware thrown it in the firm's tests. Chrome blocked 83.2%, a respectable second-place showing.

Now, not even six months later, we're forced to ask about the 16.8% that gets through. Can they read a hard-drive history file? If so, is it fair to say hackers have an easier time stealing from Chrome users?

Google says no. In a response sent to USA Today, a spokeswoman called Chrome "the most secure browser" and that Chrome OS encrypts stored data by default. Identity Finder responded that Chrome has several databases, some of which remain unencrypted despite containing personally identifying data.

The takeaway? Identity Finder might be nitpicking in its assessment of Chrome. Even so, it's probably best to ensure you take extra steps to change passwords and clear cache regularly for every browser you use. Here's a quick tutorial for accomplishing that in Chrome.