Researchers have found that browsers like Chrome and Firefox store a great deal of visitor information, much of which can be easily discovered and taken by cybercriminals.
Exabeam researchers came to this conclusion after visiting sites listed on the Alexa Top 1000 list with both browsers. The first used Firefox to simply visit a site and it was found that even without logging in or taking any actions some basic information was retained, such as device type and geolocation. When the visits took the next step, using Chrome, and logged into accounts and perform a basic function, like sending email, a great deal of data was
In the latter case detailed location data, passwords, email address, URLs visited was retained in the browser and extracted relatively easily, Exabeam said, adding credentials stored in Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera can be compromised by cybercriminals who misuse the free NirSoft tool WebBrowserPassView tool.
“While ostensibly designed to help users recover their own passwords, it can be put to nefarious use. The recent ‘Olympic Destroyer' malware used to disrupt the Pyeongchang Olympic Games reportedly took advantage of user credentials saved in the browser, the report said.
Exabeam did note that it's possible to protect an end point by simply installing an anti-virus program.