In the last five years, users have reported the same bug to the Chrome team for 43 times. In reality, the issue users found is not a bug at all.
The bug that has got users panicking revolves around Chrome’s Developer Tools, a pop-up panel with debugging tools added to Chrome to help web designers and developers.
The Chrome Developer Tools allow users to alter a page’s content in real-time, alter CSS styles, investigate network requests, and many other more.
Over the years, several users have discovered that they could use Chrome’s Developer Tools to unmask the password asterisks inside password fields, revealing the password in legible text. The procedure goes as follows:
Step 1: User enters a password inside a password field
Step 2: User opens Developer Tools and locates password field code
Step 3: User changes password field HTML code by altering the “type” attribute from “password” to “text”
Step 4: Chrome now displays the password field as readable text
The last time users reported this bug was Christmas Day this year, four days ago. The bug is sometimes referred to by Google engineers as “Users can steal their own password.”
While this looks to be quite grave, the issue is nowhere near as dangerous as some users might think. The fact that 43 users (most likely developers) reported this shows how little people know about how browsers handle passwords.
The astonishing number of times users reported this bug over and over again forced the Chrome team to explain why this happens, why the “bug” isn’t a big deal, and how little it counts when it comes to Chrome’s security threat model.
One of the most…