With its minimalistic design and its lightening-fast loading times, its little wonder that Google Chrome is the web browser of choice for 40.8% of internet users, according to the latest data from StatCounter. But while people love the fact that Chrome usually works without a hitch, could it be that the world’s favorite web browser is leaves something to be desired when it comes to keeping your data secure?

That’s what the security folks at Identity Finder seem to think. The research firm has just published a blog post highlighting a number of security flaws in Google Chrome that could give hackers a way to capture personal data stored within its history files.

Identity Finder‘s team outlined a variety of methods in their blog post, which could allow attackers to access personal data from the History Provider Cache in Google Chrome using its Sensitive Data Manager program, even in cases where data has been entered on secure website. The flaws were found in Chrome’s SQLite and protocol buffers, which often store the personal data of web users, such as their names, email, phone numbers, bank details, credit card and social security numbers. In addition, some of this data could also be accessed via the History and Web Data caches on Chrome, the researchers said.

“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware,” noted the researchers.

“There are dozens of well-known exploits to access payload data and locally stored files.”

According to Identity Finder, these vulnerabilities aren’t a new discovery – they’ve been known about for some time – but their research is believed to be the first time that anyone has demonstrated how they can be exploited to steal personal data:

“By connecting the dots, we hope to educate all Chrome users that Chrome stores sensitive data unencrypted, alert users of the risks of stored Chrome data, and encourage individuals and enterprises to engage in sensitive data management best practices.”

Screenshot of exposed data in plain text

Fending Off The Data Thieves:

Identity Finder’s research isn’t the first time that Chrome’s security has been brought under scrutiny. Earlier this year, software designer Elliott Kember revealed a glaring flaw within Google Chrome that could allow anyone to access your passwords and saved data, simply by borrowing your computer and visiting to Chrome’s settings – chrome/settings/passwords – where all of your secrets can be seen in plain text. To date, Google still hasn’t given users the option of masking this data or protecting it with a password, though the security conscious can get around it by using a password manager such as Lastpass or RoboForm, or by locking their admin account and only allowing friends to use Chrome with a guest account.

As for this latest flaw, Identity Finder added that while Google has been informed of its research, the web giant is yet to respond or issue any kind of fix. In the meantime, the researchers have provided the following advice for concerned Chrome users to protect their data in the following infographic:

 
See more security related stories like this on our Security Trends Springpad collection.