Google Chrome Password Manager Flaw Triggered Outage

chrome bug bounty

Google Chrome users recently faced hours-long trouble when the browser’s password manager feature developed a flaw. The feature remained unavailable for about 18 hours, making all stored credentials disappear temporarily.

Google Chrome Password Manager Flaw

The tech giant has shared details about the recent Google Chrome Password Manager outage that hit users globally.

As explained in its incident report, the outage existed for 17 hours and 51 minutes (approx. 18 hours), during which time Google Chrome users could not locate their login credentials stored in the browser. While the “Save Password” feature continued to work, the problem typically affected the passwords’ visibility. Thus, even upon saving any passwords afresh, they could not retrieve them from the browser.

Aside from password visibility, the outage also impacted Chrome’s auto-fill feature, which meant users were supposed to fill all online forms and passwords manually. This situation caused much trouble for users relying on their browser’s auto-fill feature.

While a severe issue, it fortunately only affected a specific Google Chrome version (127.0.6533.57), thus saving the other version users from the hassle. Yet, it wasn’t much of a relief since the glitch appeared in the most recent Chrome version, which every user eventually upgraded to.

Thus, as expected, as the bug became active, users started sharing their complaints on social media. One user even posted on Reddit about facing Chrome crashes upon opening the Password Manager. Likewise, another user complained about seeing “Save Password?” prompts on every site, including the previously declined ones.

Eventually, Google came to know of the issue from numerous user complaints originating from around the world, as evident via Google’s bug report.

Google’s incident report states that the issue persisted between July 24 and July 25, 2024, impacting “2% of users out of the 25% of the entire user base where the configuration change was rolled out.” Explaining the reason, the report stated,

From the preliminary analysis the root cause of the issue is a change in product behavior without proper feature guard. Google engineers mitigated the issue by deploying a fix.

Temporary Fix Available

While more details about the flaw are yet to arrive, Google managed to develop a temporary fix for the problem, advising users to restart their browsers. Here’s the workaround that Google recommends.

Launch Chrome with ” --enable-features=SkipUndecryptablePasswords” command line flag.
Locate Chrome shortcut on desktop. If you don’t have it, go to chrome://settings/manageProfile and at the bottom enable “Create desktop shortcut”.
1. Fully exit Chrome
2. Go to desktop and right click the shortcut then click Properties.
3. To the target field paste the following string to the end ” --enable-features=SkipUndecryptablePasswords“.
4. Close the dialog with OK and launch Chrome using this shortcut.

Let us know your thoughts in the comments.

Related posts

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites

RomCom Exploits Zero Days In Recent Backdoor Campaigns