An update to Google Chrome’s sign-in mechanism could clear a path to compromising the privacy of users’ browser data, according to a researcher who stumbled across the change. Matthew Green, a cryptographer, noticed his Gmail profile pic strangely and suddenly appearing in his browser window—generally a sign that a user is logged in.
However, he hadn’t actually affirmatively signed in, which threw up a red flag. This led him to parse through Google’s last Chrome update (Chrome 69), where he discovered that “every time you log into a Google property, Chrome will automatically sign the browser into your Google account for you.”
Read more about the privacy issues caused by Google’s forced sign-in to Chrome mechanism on Threatpost.