Google Chromium is fast and slim, but password management is buggy. There were serious security issues for this browser, according to a research made by Chapin Information Services (CIS), and these issues are still found in the recent releases of this browser. Three specific problems are found that combined could lead to attackers being able to steal passwords. So it is not known were passwords are being sent, websites that demand for passwords are not being checked and password management can be approached through invisible “form elements”,see: http://www.info-svc.com/news/2008/12-12/
These mentioned three issues, combined with 17 other unknown problems so far makes that the Chromium password manager is a risk for the uswer of it. At the moment Opera’s “password chest” is the best in terms of security, followed by Firefox 3.0. For these browsers options like invisible “form elements” are disabled, password retention is done per page and the destination of it is checked. But the overal password managment security situation for browsers is very poor. Of 21 points Firefox and Opera only pass seven. If you doubt the security of your browser’s , you may test it here: http://www.info-svc.com/news/2008/12-12/pm-evaluator/
One of the reasons I use SRWare’s Iron, tested it and it performs better here,
In fx NoScript improves & hardens password management by preventing XSS, which is the easiest way to steal a password no matter how good your password manager is (i.e., even in the Opera safest case, a XSS attacker could watch for change events on the legitimate password field and capture its content as soon as the magic wand fills it),
That also must be a security issue, you just go to the download site and download a new one where the older version was and install it over it, does that smoothly. I did that several times, no hang-ups for me. I have tested the SRWare’s Iron browser out at the password manager testing site, and my extra policy is to clear what I like to clear in the cache and passwords at the end of the session, or give in not to save passwords, but again at redirects I get all the necessary warnings, unsafe options the form was just empty etc. etc.
I hope this has convinced you to use this variety of the open source Chromium project named Iron, and that is why I posted this info here, on MozillaZine and at TentDwellers as soon as I found it. When you checked the general outcome of the test the situation of password manager security overall is rather poor, just to put that euphemistically. By the way did you read about and install the adblock.ini file inside your version of Iron, it can be downloaded from their website (Google Chrome not having that option either).
Well download Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20081215 Shiretoko/3.1b3pre ID:20081215044749 or IE8 beta or Opera and go to the test site, we also like to hear your results. As I stated above in fx NoScript improves & hardens password management by preventing XSS, which is the easiest way to steal a password no matter how good your password manager is (i.e., even in the Opera safest case, a XSS attacker could watch for change events on the legitimate password field and capture its content as soon as the magic wand fills it),
