SecurityXploded.com
Exposing the Password Secrets of Google Chrome - www.SecurityXploded.com
 
Exposing the Password Secrets of Google Chrome
 
 
See Also
 
 
About Google Chrome
Google Chrome browser is the latest entry into the ongoing web browser war, mainly ruled by IE and Firefox. The word Google behind the Chrome has given it lot of hype and popularity than any other browser got in such a short duration. However some of the salient features such as searching from the same address bar, thumbnail view of top sites, private browsing etc makes it stand apart from other browsers in the market.
 
 
Google Chrome Password Manager
Like other browsers Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. Whenever user logins to any website, he/she will be prompted to save the credentials for later use and if user chooses so, then the username & passwords will be stored in internal login database. So next time onwards whenever user visits that website, he/she will be automatically logged in using these stored credentials which saves hassle of entering the credentials every time.

Also user can opt to never store the credentials for a particular website. In such case that website is added to the exception list and user will never be prompted again to remember the password for that website.

 
Internals of Google Chrome Login Secrets
Chrome maintains internal database for all the settings and book keeping things in the default profile location. Generally on pre-Vista machines the profile path is located below
C:\Documents and Settings\<username>\Local Settings\Application Data\Google\Chrome\User Data\Default
On Vista onwards, default profile location will be as follows
C:\Users\<username>\Appdata\Local\Google\Chrome\User Data\Default
Where <username> refers to currently logged on user.
The profile folder contains lot of files pertaining to history, bookmarks, cache, settings etc. However there is one interesting file called 'Web Data' where Chrome stores all the login passwords. Newer version has moved the login passwords related database into new file named 'Login Data'.

This login database file is in SQLite format which is lighter version of popular SQL database. In addition to login credentials it also stores other information such as auto complete entries, IE7 Logins, search keywords etc.

The 'logins' table is where all the login or sign-on secrets are stored by Chrome. This table contains following interesting fields

  • Origin_URL - Base URL of the website
  • Action_URL - Login URL of the website
  • Username_element - Name of the username field in the website
  • Username_value - Actual username
  • Password_element - Name of the password field in the website
  • Password_value - Encrypted password
  • Date_created - Date when this entry is stored
  • Blacklisted_by_user - Set to 1 or 0 based on if website is blacklisted or not.

Except the password field all other fields are entered in clear text. The password for all stored websites is encrypted using Triple DES algorithm seeded with logged on user's password. That means login secrets cannot be decrypted across the user or system boundaries unless under certain conditions.

Though this mechanism allows only logged on user to view his/her chrome secrets, it cannot prevent any malicious programs running on the system from stealing the user's chrome passwords. That way Firefox offers better security by providing option to set the master password to view the stored login passwords.

You can use any SQLite editor to view the contents of this login database file. Here is the snapshot of the SQLite Database Browser showing the contents of 'logins' table...

SQLite Browser showing Secrets of Chrome
 
 
Recovering Chrome Secrets using 'Chrome Password Decryptor'
One can decrypt or recover the login secrets stored by Chrome using Chrome Password Decryptor tool. This chrome password recovery application automatically detect the default chrome profile path for the current user and displays all the stored login credentials in clear text after decrypting them. It also shows all the blacklisted website entries added by the user. Export feature can be used to save the login secrets to the local file in HTML format.

Here is the snapshot of ChromePasswordDecryptor showing the recovered login passwords,

ChromePasswordDecryptor

For more information and to download ChromePasswordDecryptor, please visit the tool page here.
 
 
See Also