** Changed in: chromium-browser (Ubuntu)
Assignee: (unassigned) => Nathan Teodosio (nteodosio)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1996267
Title:
[snap] Doesn't store encrypted passwords unless interface is connected
Status in chromium-browser package in Ubuntu:
Confirmed
Bug description:
In the Snap package of Chromium, Chromium is not protecting passwords
with gnome-keyring (or KWallet).
As a result, copying the Chromium profile directory from the snap
directory gives access to all stored passwords. This is a HIGH
security risk. Regular users who are used to storing their passwords
in browsers are probably unaware of this.
Note that Chromium is started with the command line option
“--password-store=basic”. This hack should never have been released to
the public.
The Chromium documentation states:
> --password-store=basic (to use the plain text store)
https://chromium.googlesource.com/chromium/src/+/master/docs/linux/password_storage.md
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1996267/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
