I was at a friend's party a week ago and he was playing music on youtube. I mistakenly logged into his Google Chrome (this is a recent feature) with my google account and logged out immediately when I realized my mistake.<p>Some days later I logged in and connected my own Google Chrome with my google account. I got all the friend's bookmarks, which is ok. A day later, I opened the browser and tried to log into gmail (I didn't have the "remember me" option turned on) and I got my friends email AND password pre-filled in the gmail login form. I could read his password with document.getGetElementById('Passwd').value.<p>Has anyone also done this? Google is apparently syncing your passwords unencrypted.
Not a security flaw, you just synced his browser settings with your account.
The proper way to log into another person's Chrome is by adding a new user in the "Personal Stuff" area first.