Security Problems for Chrome and Gmail Users

A recent change to Google’s Chrome browser is making us and other online security experts nervous. That’s because a new “feature” that Google introduced with Chrome version 69 to make users online experience easier may leave those same users vulnerable to security problems they didn’t expect. These security problems for Chrome and Gmail, and other Google services is also creating problems for IT and Security companies like Digital Uppercut, because we now have to protect our clients from this new issue.

What Google Sync Does For Chrome Users

If you’re a Chrome user, you know that you can log into Chrome so that the browser stores your passwords and form-fill data, among other things. This is a convenience for Chrome users because they no longer need to remember complex passwords for their online accounts, or enter the same personal information into online forms.

This feature also allows users to log into browsers on other devices, including mobile phones, and have all of the same stored information sync to those devices through the Chrome browsers as well.

Up to now, the user has had to explicitly log into Chrome to enable this sync feature, called Google Sync.

Google’s Change to Chrome 69

Up to now, logging into other Google services, such as Gmail, Google Docs, Google Analytics and Google Ads was separate from logging into Google Chrome. Google’s change to Chrome causes the user to be logged into Chrome when they log into these (and any other Google service) to also be logged into Chrome.

And so now, users on shared computers who are logging into specific Google services -- and then logging out of those services -- remain logged into Chrome unless they explicitly log out of the browser as well.

Here’s Where The Security Problems for Chrome Happen

So that means that when a second user sits at this shared computer, they may have access to the first user’s passwords. Would you like to log into Fred’s bank? No problem. Just have a seat at his computer once he’s gone and visit his bank’s website. If Fred has saved his bank password, Chrome will offer to enter it into the form for you, after which you’ll have access to his accounts.

It’s very easy to imagine how bad this problem can get...but it gets worse.

Of course, it’s bad news if we’re talking about Fred’s personal bank account, but what if it’s your company’s bank account?

And not only are Fred’s business and personal passwords available to the next user, but so is Fred’s other personally identifiable information (PII), as well as your company’s private data. Want to know Fred’s social security number? No problem. Just visit a new bank and open a new account. When they ask you for Fred’s SSN, Google will happily give it to you. Google’s new security problem makes identity theft easier than ever.

How Google Sync Makes This Problem Worse

Google Sync on its very own poses problems, too. When Google Sync is enabled, your and your company’s information is stored in Google’s cloud data stores. If that data is eventually breached -- which is entirely likely one day -- so is your company’s data.

It also poses problems because some users use the same Google Chrome account for both home and business browsing. As a result, they may be storing business passwords in their personal Chrome accounts, effective going right around any protections that you, your IT company, and your policies might be trying to enforce.
And the problem gets multiplied into possible HIPAA violations if this problem ends up giving access to medical records and other PII.

Protect Yourself And Your Company

What’s your best solution to deal with security problems for Chrome and other vulnerabilities like this? The first step is to find out whether are experiencing this or any other hacks, weaknesses or vulnerabilities. They can come not only from new software and services, but old and outdated ones as well. So one of the very first things we do with any new client of our IT services or Network Security Services is to perform a security audit so that we can find issues like this that you might not even be aware of.

Once we find the vulnerabilities, we can set policies on your network or create rules on your firewalls or software to block such activity. And we go further by installing monitors to catch a variety of new issues that we can’t even imagine yet.

That’s why you should call Digital Uppercut. We are cyber security experts and do this kind of work for businesses like yours every day. Not only are we effective at finding and resolving security problems for Chrome and other issues like this, we are also backed by a Million Dollar Ransomware Guarantee in case your network is ever attacked and your data held for ransom. Call Digital Uppercut at 818-913-1335 for a security or IT evaluation, or contact us today here.