Wednesday, July 13, 2022
Problem with Google Chrome Profiles and Caching | by Teri Radichel | Bugs That Bite | Jul, 2022


I told you not to store my stuff and you’re storing it anyway?

I’ll be honest, I haven’t explored Google profiles in detail yet, but I despise the way profiles work now. Every time I open my browser I get a page with a myriad of profiles. Because it’s not immediately intuitive like Google products tend to be, I end up creating the same profile for the same user multiple times in my haste.

Yes. I’m probably doing something “wrong.” But the point of good UI design is that you don’t have to figure out what you’re doing wrong. It just works. It’s intuitive.

More importantly, the lack of intuitiveness introduces a security problem.

I just wrote about how the new design of AWS SSO causes potential security issues by caching credentials inadvertently typed into user name fields:

OK, combine that with the fact that somehow, when I use this new-fangled Google profile functionality, it no longer clears my cache on every browser exit. I didn’t change these settings. The only thing that changed was Google Chrome. And it no longer works.

Now when I re-open my browser I’m still logged into things even though I had my settings set to clear caches and cookies on exit.

Hey Google: If you’re storing that separately for every profile now, DEFAULT to what the user had originally set in their browser as the global default.

Overall, I really dislike Google profiles and the time I have to spend trying to figure out what’s causing this and clicking through three extra things when I log in. I did figure out how to turn that initial screen off but now I wonder how many extraneous profiles I’ve created.

Thumbs down on the new Google profiles UI and functionality, and I wonder if there are some bug bounty opportunities in there as well. I haven’t had time to look into it but my gut tells me there are some issues with the application logic and caching.

In fact, one such CVE was recently disclosed as noted in my last post:

Teri Radichel


© 2nd Sight Lab 2022
