Major Web browsers fail password protection tests
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
![Chrome, Safari fail password protection tests](https://www.zdnet.com/a/img/2014/10/04/e54f622a-4b63-11e4-b6a0-d4ae52e95e57/googchromeicon.png)
That's the biggest takeaway from the results of this test which shows that all the major Web browsers -- including IE, Firefox, Opera, Safari and Chrome -- are vulnerable to a total of 20 vulnerabilities that could expose password-related information. Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user's knowledge. They are:
- The destination where passwords are sent is not checked.
- The location where passwords are requested is not checked.
- Invisible form elements can trigger password management.
Google's shiny new Chrome browser was among the worst offenders. According to the study, Chrome's password manager contains multiple unpatched issues that "form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity."
Apple's Safari for Windows browser was also failed a majority of the tests (click image for full version):
Technical details of the test, which was conducted by Chapin Information Services, can be found here.