He then started looking a little deeper and found that Satyam Singh had already addressed security issues in browsers in his 2015 blog post Browser-based vulnerabilities in web applications. To his surprise, he found that the password was stored in plain text in several different places in the memory of two of those processes.
Spontaneously, he decided to check if a password he had recently entered into the browser appeared in one of these dumps. He had created a mini-dump of all active Chrome.exe processes as part of a project. It's a discovery by chance, what Zeev Ben Porat made. I came across the following tweet on Twitter this week from CyberArk Labs security researchers, who disclose the issue and describe it in more detail in the blog post Extracting Clear-Text Credentials Directly From Chromium's Memory.
0 kommentar(er)
