Teri Radichel

Be Careful With Google Chrome Profiles

You might have something still logged in and not realize it

I’ve been testing Google Chrome Profiles again. In the past I disabled them because they caused more problems than they were worth. That still may be true.

I had different AWS accounts open in different profiles for a particular reason. I always log out of my AWS accounts when I close down my computer.

However, when I came back and pulled up one of my profiles, it still had my AWS account logged in.

I know for a fact I logged out of that particular account. I would *never* leave that particular account logged in. Others were still logged in when I selected other profiles as well.

What is going on with Google Profiles??

Also, it is not obvious how to remove them once you add them to Google Chrome.

When you click the icon for your current profile on the top right, it shows you a list of profiles.

Click the gear next to other profiles.

I like to uncheck the “show on startup” box.

Then you have to click the three dots at the top right of each profile and remove each one individually.

In the most recent Okta breach the report suggested that the issue had something to do with the compromised support person’s Google profile.

I also wrote about how when you have some malware installed in a profile via an extension and you delete and reinstall Google Chrome, it will reinstall the infected extension.

Here’s another thing I noticed. When I log out of some accounts the icon goes away. Other profiles retain the icon even after logging out. Inconsistency is usually not a good thing for security. I don’t understand why this happens.

Also, right now I’m getting different login screens depending on which profile I log into.

In incognito mode and for certain accounts I see this:

For other accounts I see this:

Hard to know if I’m on a valid login screen or not.

The other thing is, I added a hardware security key for an account with Google’s new passkey screen that seems to have a bug and I can’t figure out how to use it. It keeps prompting me for a phone number even though I want to use my hardware security key.

You can turn off phone numbers in Google Workspace but sometimes you want that option as a backup.

Keep an eye on this. I still prefer incognito mode for sensitive accounts and I might just get rid of all these profiles. Still testing.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2024
