A report by Chapin Information Services (CIS) has said Google’s Chrome and Apple Safari performed the worst, failing all but two of the 21 tests performed. However, effectively, all the browsers did not get a passing grade, with only Firefox and Opera managed to 7 out of the 21 tests, or 1/3 of the tests; and Internet Explorer managed to pass 5 tests.
Chrome’s password managed failed three tests which were highlighted by the CIS as particularly risky, meaning that a malicious website can steal passwords that have been stored in the browser’s password manager. Firstly, Chrome failed to check the path that the passwords were being sent; secondly, it failed to check the domain where passwords were requested; and lastly, invisible form elements can trigger the password management software.
“These three problems, combined with seventeen others so far identified in Chrome’s password manager, form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity,” the CIS said in a statement. It also notes that most secure browser that is the closest in meeting the three criteria was Opera (version 9.62).
“Currently, the password manager that is closest to solving the first three problems is built into Opera 9.62. With invisible form elements deactivated, options to limit saved passwords to a single page, and partial destination checking, this is certainly one of the more worry-free products,” it said.