Linux: ~/.config/google-chrome/Default/Local Extension Settings/nngceckbapebfimnlniiiahkandclblb MacOS: ~/Library/Application Support/Google/Chrome/Default/Local App Settings/nngceckbapebfimnlniiiahkandclblb
Windows: %AppData%\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb The following locations contain bitwarden's chrome.storage files: For example, if you just installed the extension recently the log file may not have been overwritten yet.
This log file is periodically overwritten by the browser, at which time the key would be permanently deleted from the system, however, depending on your usage of the extension this may not have occurred yet. However, due to the undocumented way the chrome.storage API works, there may be a lingering chrome.storage log file that still contains the encryption key on your local machine's disk. When switching your lock option to something other than "Never" this key is purged from chrome storage and is only held in memory for future use of the application. Since this was the default lock option prior to version 1.24 this occurred at least once for all users upon the first time logging into the extension. The issue occurs when a user is using the "Never" lock option, which results in your vault's encryption key (a salted and hashed version of your master password) being persisted to the host machine's disk (using the chrome.storage API). What was the problem, and who may have been affected?
0 kommentar(er)
