Reputation: 8151
How secure is data stored using chrome.storage.local.set
I'm storing options data in a chrome extension using chrome.storage.local.set
How secure is that data?
Can it be read easily by anyone who has access to the file it is stored in?
Upvotes: 4
Views: 1528
Answers (2)
Reputation: 3833
It is not secure, and per the official chrome.storage docs is stored unencrypted in the user's profile folder under their Chrome data directory. You will need to use some additional encryption if you are storing more sensitive data using these APIs.
They are stored in a LevelDB database in the following location:
C:\Users\<User>\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\<Extension id>
Upvotes: 7
Reputation: 10897
It's saved in the following path (For other OS, the path is similar), can be easily accessed.
C:\Users\<User>\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\<Extension id>Basically, since the data is saved in local machine, you can't trust it as secure, since there're tons of ways to get the data. For example, other extension/scripts may overrite
chrome.storage.local.setand they may get the data first, like what Storage Area Explorer does.
Upvotes: 1
Related Questions
- Where is chrome extension's 'chrome.storage.local' data saved?
- Do Chrome extensions have access to local storage?
- Security concerns for using localStorage or chrome.storage inside Chrome Extensions
- clarification on chrome extension local storage
- Can a chrome extension read data from the local storage?
- localstorage on chrome extension
- Chrome local storage and security
- Chrome App: Handle Sensitive data
- Chrome extension and local storage
- Secure Storage on a Google Chrome Extension