Clarifications regarding chrome.storage security
55 views
Skip to first unread message
Nikita Vasilyev
Jun 19, 2023, 6:46:31 PM6/19/23
to Chromium Extensions
https://developer.chrome.com/docs/extensions/reference/storage/#storage-areas says:
"Local and sync storage areas should not store confidential user data because they are not encrypted."
"Local and sync storage areas should not store confidential user data because they are not encrypted."
1. Is local and sync storage data not encrypted before writing to disk? (I believe the message implied that)
2. Is the sync storage data encrypted on the server?
3. Is the sync storage data transmitted over HTTPS, WSS, or something else?
Nikita Vasilyev
Jun 23, 2023, 9:44:14 PM6/23/23
to Chromium Extensions, Nikita Vasilyev
Regarding #3:
Using chrome://net-export/ and https://netlog-viewer.appspot.com/, I've been able to check that myself:
t= 5769 [st= 133] HTTP3_HEADERS_SENT
--> :method: POST
:authority: clients4.google.com
:scheme: https
:path: /chrome-sync/dev/command/?client=Google+Chrome&client_id=???
--> :method: POST
:authority: clients4.google.com
:scheme: https
:path: /chrome-sync/dev/command/?client=Google+Chrome&client_id=???
hrg...@gmail.com
Jun 24, 2023, 12:14:30 AM6/24/23
to Chromium Extensions, Nikita Vasilyev
The sync storage is also stored locally in case there's no internet connection at any given moment. This local copy of the sync storage as well as the local storage proper are stored on disk in plain JSON text.
Reply all
Reply to author
Forward
0 new messages