> > As a result, copying the Chromium profile directory from the snap > > directory gives access to all stored passwords. > > Please note those passwords are not stored in the clear, though they can > be discovered by going into Chromium's Settings > Passwords.
According to the chromium documented cited, this is wrong. According to the docs, the credentials are actually stored as plain text in the chrome profile if one is not using an external password manager. And this is still true today. You can also see that when using chromium - no one has to give a secret at any time to decrypt the passwords. For many people an autoconnect for the password-manager-service would probably solve this -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1996267 Title: [snap] Doesn't store encrypted passwords unless interface is connected Status in chromium-browser package in Ubuntu: Confirmed Bug description: In the Snap package of Chromium, Chromium is not protecting passwords with gnome-keyring (or KWallet). As a result, copying the Chromium profile directory from the snap directory gives access to all stored passwords. This is a HIGH security risk. Regular users who are used to storing their passwords in browsers are probably unaware of this. Note that Chromium is started with the command line option “--password-store=basic”. This hack should never have been released to the public. The Chromium documentation states: > --password-store=basic (to use the plain text store) https://chromium.googlesource.com/chromium/src/+/master/docs/linux/password_storage.md To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1996267/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
