9/24/2018
04:30 PM
In Quiet Change, Google Now Automatically Logging Users Into Chrome

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

In a change with potentially worrisome privacy implications, Google has begun to automatically log users in to Chrome whenever they use the browser to sign into Gmail or any other Google service.

The change, introduced quietly with the new Chrome 69 release earlier this month, is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to its other services. Previously, Gmail users concerned about Google collecting their browsing data could use Chrome without necessarily being signed into the browser.

But starting with Chrome 69, the only way users can do that is to not be logged into any Google service at all. Signing into a Google account will automatically sign them into Chrome. Signing out of Chrome will automatically sign users out of their other Google accounts.

In a blog post on Sunday, Matthew Green, a security researcher at Johns Hopkins University, blasted the change as having enormous implications for user privacy and trust. "The change makes a hash out of Google's own privacy policies for Chrome," Green noted.

The privacy policies – up until this week, at least – made it very clear that when people are using Chrome in "basic browser mode," their data is stored locally, and that when they are signed into Chrome, their browsing data is shipped to Google. The implication up to now has been clear, Green said. "If you want privacy, don't sign in," he said. "But what happens if your browser decides to switch you from one mode to the other, all on its own?"

Until Green's post on Sunday, few knew about Google's update. The only indication of the change is that users' Google profile pictures or icons now appear in the right-hand corner of the browser window when they are logged into a Google account.

In a Twitter thread responding to Green's blog post late Sunday night, Google software engineer Adrienne Felt insisted that though Google is now automatically signing people in to Chrome, it does not mean the company is automatically uploading their browsing data as well.

In order for that to happen, users have to take the additional step of turning on a "Chrome Sync" feature after they are signed in, she said. By syncing, users can access their Chrome browsing histories across all devices. But Sync does not happen automatically when people get signed into Chrome, according to Felt.

She added that Google is updating its privacy notices "ASAP" to better clarify the implications of its automatic sign-in update for Chrome.

The new feature that automatically signs people into Chrome is called "identity consistency between browser and cookie jar." The only reason Google has added the feature is to prevent confusion among people sharing devices, Felt said in tweets that echoed comments made by two Chrome developers to Green. "In the past, people would sometimes sign out of the content area and think that meant they were no longer signed in to Chrome, which could cause problems on a shared device," Felt said.

For example, an individual using a computer where another user might have previously signed into Chrome could end up having cookies from his browsing sessions uploaded to the originally signed-in user's account, Green said. However, this becomes a potential issue only for users who sign in to Chrome in the first place, he noted.

The problem that the update is supposed to address does not impact users who choose not to log in to Chrome at all. If the problem has to do with signed-in users, it makes little sense for Google to make a change that forces unsigned users to become signed-in users, Green said.

Troublingly, Google's new menu for users signing into Chrome is also so vague that people could easily end up granting consent to sync their browsing data when they, in fact, did not intend to do so, Green said. Where previously users had to put in the effort of entering their credentials to sign in to Chrome, they can now end up consenting to data upload "with a single accidental click."

Google also has not made clear what data exactly it will upload when a previously logged-out user logs in to Chrome and turns on the Sync feature. It's not clear whether in this case Google will upload all of the data that was previously stored locally on the user's device, Green noted.

Dark Reading has observed an equally confusing message when a user signs out of Gmail these days. The message notes that the user is signed out and that syncing is paused, and then adds: "Your bookmarks, history, passwords, and more are no longer being synced to your account but will remain on this device. Sign in to start syncing again."

In her tweets, Felt noted that Chrome data is not being uploaded without a user specifically consenting to syncing it. So it is not clear what other "bookmarks" or "history" it is that Google is referring to when it talks about "syncing." Google did not respond to Dark Reading's request for clarification. In response to a request for comment on Green's concerns, Google pointed to Felt's Twitter stream.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
Comments
AndrewfOP,
User Rank: Moderator
9/25/2018 | 4:51:18 PM
Chrome as a web browser
Noticed this as soon as Chrome was keeping my login on the browser. This is why I am glad Chrome is not my primary browser. Quite frankly, any minimalist-design web browser is annoying to me. I will keep my feature-rich browsers. Thank you very much.