The incident occurred last week and lasted almost 18 hours until the company fixed the problem on July 25.
Failure affected Windows users who used version M127 of the Chrome browser. According to Google, approximately 2 percent of users out of 25 percent of the total base where the configuration change was deployed encountered this problem. Given the global scale, the number of affected users could have reached 17 million.
The technical cause of the incident was a «change in product behavior without proper protection of» features, as explained by Google. This indicates that the company may have accidentally released an untested update.
Google Password Manager stores user credentials in their Google accounts and offers the creation of strong, unique passwords. Of course, this is assuming that the service doesn’t disappear for almost a day because Google released a faulty update.
The incident emphasizes the risks of using browser-based password managers, even from such large companies as Google. An alternative is to use standalone password storage programs, such as LastPass or Bitwarden, although they also not insured from security issues.
This is not the only case of security problems at Google recently According to the report cybersecurity researcher Brian Krebs, recently discovered a problem with email verification when creating new Google Workspace accounts. This allowed attackers to bypass verification and impersonate domain owners in third-party services. Google quickly fixed the vulnerability within 72 hours of its discovery.
Source: Forbes, TheRegister