Google Apologizes for Chrome Password Manager Bug Affecting Windows Users
Google has issued an apology after a bug prevented many Windows users from accessing or saving their passwords through Chrome’s password manager. The issue, which began on July 24 and lasted for nearly 18 hours before being resolved on July 25, was attributed to “a change in product behavior without proper feature guard.” This explanation may sound familiar to those affected by recent disruptions in similar services.
The bug affected Chrome users globally, rendering previously saved passwords invisible and preventing the storage of new passwords. Google clarified that the problem was limited to the M127 version of Chrome Browser on the Windows platform.
Impact of the Bug on Users
The exact number of users affected by this bug is challenging to determine. However, given that Chrome has over 3 billion users worldwide, with a significant portion using Windows, a considerable number were impacted. Google stated that 25% of users were subjected to the configuration change, equating to roughly 750 million people. Of these, around 2%, or approximately 15 million users, experienced the password manager issue.
Resolution and Interim Measures
Google provided an interim workaround that required users to start Chrome with the command line flag “–enable-features=SkipUndecryptablePasswords.” However, a more user-friendly fix has since been deployed, which simply requires users to restart their Chrome browser. Google thanked users for their patience and apologized for the inconvenience caused by the disruption. They advised users experiencing additional issues to contact Google Workspace Support.
Using Google’s Chrome Password Manager
To access Google’s Chrome password manager, users can go to the browser’s three-dot menu and select Passwords and Autofill, then Google Password Manager. Alternatively, the password manager Chrome app can be installed from the settings, allowing direct access from the Google apps menu. Users prompted to autofill a password can also select “manage passwords” to reach the manager.
For those considering switching from a standalone password manager to Google’s service, the process is straightforward. Users can export passwords from their current manager in a .CSV file, ensuring it is correctly formatted. They can then import this file into Google’s system through passwords.google.com, choosing Settings|Import. After importing, users should delete the .CSV file to protect their data.
While Google’s Chrome password manager is convenient, it may not offer the same level of security as dedicated password managers, which often include features like two-factor authentication, secure password generation, and more robust encryption methods. For instance, services like 1Password use end-to-end encryption, 256-bit AES encryption, and other advanced security features to protect user data.
Recent Google Security Issues
In addition to the Chrome password manager issue, Google has recently addressed another security lapse involving email verification for new Google Workspace accounts. According to cybersecurity reporter Brian Krebs, this flaw allowed bad actors to bypass email verification during account setup, potentially leading to impersonation attacks. Google fixed this vulnerability within 72 hours of it being reported, ensuring no domains previously associated with Workspace accounts were affected.