Introduction
In a recent incident, Google has issued an apology for a bug that left a significant number of Windows users unable to find or save their passwords in the Chrome web browser. The issue began on July 24 and persisted for nearly 18 hours before being resolved on July 25. According to Google, the disruption was caused by “a change in product behavior without proper feature guard.”
The Scope of the Issue
The password problem affected Chrome users worldwide, rendering passwords saved in the Chrome password manager invisible and preventing new passwords from being saved. This issue was confined to the M127 version of the Chrome browser on the Windows platform. The exact number of impacted users is difficult to determine, but with over 3 billion Chrome users globally and a large proportion using Windows, it’s estimated that around 750 million users experienced the configuration change. Of these, Google estimates approximately 2%—around 15 million users—were directly affected by the password manager issue.
Interim Workaround and Final Fix
During the disruption, Google provided an interim workaround, albeit a user-unfriendly one, requiring users to launch Chrome with the command line flag —enable-features=SkipUndecryptablePasswords. Thankfully, the full fix now available only requires users to restart their Chrome browser. Google thanked users for their patience and apologized for the inconvenience caused by the service disruption. Users who continue to experience issues are advised to contact Google Workspace Support.
Accessing and Using Google’s Chrome Password Manager
For those unfamiliar with Google’s Chrome password manager, it can be accessed through the browser’s three-dot menu by selecting Passwords and Autofill, then Google Password Manager. Users can also install the password manager app from the Chrome settings and access it directly from the Google apps menu. If prompted by Chrome to autofill a password, selecting “manage passwords” will also take users directly to the password manager.
Switching to Google’s password manager from a standalone service involves exporting your passwords from the other application as a .CSV file. Ensure the file is correctly formatted with column names: url, username, and password. Import this file into Google Password Manager via passwords.google.com by selecting Settings|Import. After importing, remember to delete the .CSV file from your device to prevent unauthorized access.
Is Google’s Chrome Password Manager the Best Choice?
While Google’s Chrome password manager is user-friendly, it may not be the best option for everyone. Standalone password managers often offer additional security features, such as two-factor authentication, auto-generation of strong passwords, and robust encryption methods. For example, 1Password uses end-to-end encryption, 256-bit AES data encryption, and a 128-bit secret key for added security. The master password protects the password vault on your device, making it difficult for attackers to access your passwords without it.
Google’s Chrome password manager also offers on-device encryption. Users can set this up to use their Google password or the screen lock on compatible devices to unlock passwords or passkeys. Detailed instructions are available on Google’s support page, noting that once on-device encryption is set up, it cannot be removed.
Additional Google Security Issues
Passwords weren’t the only security measure affected recently. Investigative cybersecurity reporter Brian Krebs revealed that email verification also went missing for some Google Workspace account creations. This vulnerability allowed bad actors to bypass email verification, impersonate domain holders, and access third-party services. The issue was linked to free trials offered by Google Workspace, which should have required domain validation. Google fixed the issue within 72 hours of it being reported, and no previously associated domains were compromised.
In another incident, According to a Stanford University research paper, approximately 280 million people downloaded malware-infected Google Chrome browser extensions from the Chrome Web Store over a span of nearly three years, from July 2020 to February 2023. Out of 346 million total downloads of these types of extensions, the study found that a significant portion involved malicious software. Contrarily, Google disputed these findings. Google claimed that less than 1% of all Chrome Web Store installs contained malware, amounting to about 250,000 in 2024. This discrepancy highlights the challenges in accurately assessing the scale of such security breaches and underscores the importance of robust cybersecurity measures for users.
Conclusion
The recent bug in Google’s Chrome password manager highlights the importance of robust cybersecurity measures and the potential impact of software issues on millions of users. While Google has resolved the issue and apologized, the incident serves as a reminder to evaluate the security features of the tools we use and consider additional layers of protection where necessary.
At The Scam Protector, we save people from getting scammed by raising awareness and informing them about prevalent online scams. You can do it too just by joining our tribe on Twitter , Facebook, Quora, Reddit, LinkedIn, and Whatsapp channel.
