Public bug reported:

In the Snap package of Chromium, Chromium is not protecting passwords with gnome-keyring (or KWallet).
As a result, copying the Chromium profile directory from the snap directory gives access to all stored passwords. This is a HIGH security risk. Regular users who are used to storing their passwords in browsers are probably unaware of this.

Note that Chromium is started with the command line option “--password-store=basic”. This hack should never have been released to the public.

The Chromium documentation states:

> --password-store=basic (to use the plain text store)

https://chromium.googlesource.com/chromium/src/+/master/docs/linux/password_storage.md

** Affects: chromium-browser (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1996267

Title:
  Insecure password storage in Chromium (Snap)

Status in chromium-browser package in Ubuntu:
  New
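A defender's check for the condition reported above, as an added example that is not part of the original bug report or of the Chromium or Ubuntu projects: it reads the NUL-separated argument vectors under /proc and reports which `--password-store` value each Chromium browser process was started with. The function names and the `*chrom*` match on the executable name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit running Chromium processes for --password-store=basic.
# Reads /proc/<pid>/cmdline, where arguments are separated by NUL bytes.

# classify_cmdline FILE -> prints "basic", another backend name, or "default"
classify_cmdline() {
    args=$(tr '\0' '\n' < "$1")          # one argument per line
    # Report "basic" if the flag appears anywhere in the argument list.
    if printf '%s\n' "$args" | grep -qx -- '--password-store=basic'; then
        echo basic
        return
    fi
    store=$(printf '%s\n' "$args" | sed -n 's/^--password-store=//p' | head -n 1)
    echo "${store:-default}"             # "default": flag absent from the command line
}

# audit_chromium_procs [PROC_ROOT] -> prints "<pid> <store>" per browser process
audit_chromium_procs() {
    proc_root=${1:-/proc}
    for f in "$proc_root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        argv0=$(cat "$f" 2>/dev/null | tr '\0' '\n' | head -n 1)
        # Assumption: the browser executable name contains "chrom"
        # (chromium, chromium-browser, chrome).
        case "$argv0" in
            *chrom*) ;;
            *) continue ;;
        esac
        # Skip helper processes (renderer, gpu, zygote), which carry --type=...
        if cat "$f" 2>/dev/null | tr '\0' '\n' | grep -q -- '^--type='; then
            continue
        fi
        pid=$(basename "$(dirname "$f")")
        echo "$pid $(classify_cmdline "$f")"
    done
}

audit_chromium_procs "${1:-/proc}"
```

A result of `basic` for a browser process means that profile is using the plain text store named in the Chromium documentation quoted above.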