Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update

Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.

The Google glitch occurred late last week and took until July 25 for the nearly 18-hour incident to finally be signed off as fixed.

The issue, which was limited to Windows users on the M127 version of the Chrome browser, meant that users were unable to find saved passwords. "Approximately 2 percent of users out of the 25 percent of the entire user base where the configuration change was rolled out, experienced this issue," Google said.

According to the search giant, "the root cause of the issue is a change in product behavior without proper feature guard." It all sounds suspiciously like a faulty update being pushed out.

The issue was global, and the actual number of affected users could run into the millions. According to figures from the International Telecommunication Union (ITU), there were 5.4 billion internet users in 2023. Chrome's market share is 65.68 percent, according to StatCounter. As such, more than 17 million users might have received the broken update and, as Google put it, "experienced the issue."

• Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
• FYI: Data from deleted GitHub repos may not actually be deleted
• Adobe exec likened hidden cloud subscription exit fees to 'heroin', says FTC
• Maximum-severity Cisco vulnerability allows attackers to change admin passwords

Google Password Manager works by storing a user's credentials in their Google Account. It will also suggest strong and unique passwords "so you don't have to remember them," according to the ad slinger.

That's assuming, of course, the service doesn't abruptly disappear for almost a day because Google pushed out a broken update.

The incident highlights the risks of using a browser-based password manager, even from a vendor the size of Google, where a broken browser update could leave the password stash inaccessible. Password managers are, however, an increasingly important facet of modern life. Popular ones include LastPass, which suffered a serious breach in 2022, or Bitwarden.

Using a password manager is a sensible precaution from a security perspective. However, while letting your browser take care of things might be convenient, it also carries its own risks. ®