back to article Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update

Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update. The Google glitch occurred late last week and took until July 25 for the nearly 18-hour incident …

  1. Pascal Monett Silver badge
    Mushroom

    And once again, why trust a code you don't know ?

    My little password database is secure, if only because nobody knows its format, where it is or what's in it.

    It could be a plaintext file in a specific (non Windows-managed) location. It could be an Excel spreadsheet on my NAS. It could be in my StickyNotes.

    What it is not is depending on the vagaries of some remote entity I have no control over.

    It used to be called a Personal Computer.

    Emphasis on the word Personal.

  2. b0llchit Silver badge
    Joke

    Audit flagging

    What secretly happened: The code in question was flagged in a security audit telling them that passwords were stored. Storing passwords is against policy and the code must therefore be removed.

    We call this a feature, not a bug ;-)

  3. alain williams Silver badge

    This is less forgivable than the ClownStrike debacle

    At lease ClownStrike has the tissue thin excuse that it needs to get patches out quickly to prevent day-0 exploits. I do not think that this Google update was urgent and thus has no excuse to not go through proper QA.

    But for both of them: QA costs money that neither wants to pay for, especially when the cost of damage is paid for by someone else.

    1. heyrick Silver badge

      Re: This is less forgivable than the ClownStrike debacle

      While this bug is more egregious than most, if you recall Google's infamous interview questioning, plus add to that the fact that the company is hardly running on a shoestring...

      ...you start to ask yourself why their apps are generally rather naff, why some things that should be simple are incredibly tedious if not impossible (making/uploading subtitles for YouTube videos, for instance), and why their apps on their own mobile OS are not flagship products. And why the hell the update text just says some generic rubbish like "Bug fixes and performance improvements" rather than saying what's actually changed.

      It seems like the method is to do the minimum necessary in order to have the product sort of do what it's supposed to do, until they get bored of it and kill it off.

  4. dadbot5000

    This is why I don't use browser based password management. I use a password manager with an extension for my browser so I know google or firefox or MS isn't snooping or worse.

  5. cosmodrome

    No Master Password?

    Does Chrome's password manager still not allow master passwords? I don't know why it didn't last time I checked but I decided not to trust Chrome then.

    1. EmBlaze

      Re: No Master Password?

      It can use Windows Hello

      1. Michael Wojcik Silver badge

        Re: No Master Password?

        All authenticators are terrible, but biometrics are the most terrible.

    2. Sora2566 Silver badge

      Re: No Master Password?

      Google is of the opinion that if someone is logged in as you, then there's nothing you can do that will stop them from figuring out your passwords. Which may or may not be true from a technical standpoint, but at least Firefox doesn't make it *easy*.

  6. SystemD_Sucks

    Bitwarden

    Peace of mind.

  7. Anonymous Coward
    Anonymous Coward

    can you imagine...

    If this Chrome update had been pushed just prior to the Crowdstrike sys file?

  8. Anonymous Coward
    Anonymous Coward

    not only chrome on windows but also chromium v126 and opera v112 on linux are also affected.

    screenshots:

    chromium https://ibb.co.com/02SJwXW

    opera https://ibb.co.com/jgXBJZF

  9. t0m5k1
    FAIL

    @ElReg

    Why would you suggest lastpass at all.

    I don't get it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like