Chrome: plz fix security hole that has been around too long

9 points by rynop, over 13 years ago

9 comments

jwpeddle, over 13 years ago
I can understand why people would still want this fixed, but if you have saved passwords, someone can reveal them in any browser using just JavaScript (for example: http://blog.amwmedia.com/post/3043988338/reveal-hidden-passwords-in-all-major-browsers).

If you're concerned about other users stealing your passwords, don't let them use your profile at all.
lomegor, over 13 years ago
A Chrome representative said that they weren't going to fix this. I can't find the source. He/she said that they had a few arguments about this, but that they feel that by not showing your password they are creating a false sense of security.

Every browser has to store passwords in a way that's recoverable (as they need to be sent to the server), so if you store them and you lose control of your computer, you WILL most probably lose control of your passwords too, in every browser including IE9 (something this page, http://www.thewindowsclub.com/chrome-firefox-show-passwords-plain-text-ie9, does not seem to understand).
udp, over 13 years ago
People still save passwords? I just let the cookies hang around. Haven't been logged out of anything for months.

Anyway, it has to be possible to retrieve the password in plain text for Chrome to be able to use it. Even if they remove the functionality to view it, someone could just make a tool - and when someone has access to your computer they could run said tool.

If someone malicious has access to your computer and it's not locked, you're pretty much screwed - that's not the fault of Chrome.
jakubw, over 13 years ago
For those who actually let their browsers store passwords I recommend looking for extensions that integrate the password storage with the native password management systems such as Mac OS X's Keychain, KDE's KWallet or GNOME Keyring. Some browsers may even support that by default. That at least ensures the passwords are stored encrypted and the browser can't access them without the user's reauthentication.
pagekalisedown, over 13 years ago
This is a pretty good read on this subject: http://developer.pidgin.im/wiki/PlainTextPasswords
maytc, over 13 years ago
Why doesn't Chrome put in a master password or a security question/answer a user has to enter to reveal sensitive information?
chippy, over 13 years ago
Could someone explain how this is a security hole exactly? Being able to access saved passwords is a feature, right?
yanw, over 13 years ago
Isn't that why operating systems let you make separate password-protected profiles?

Firefox does the same btw, except they offer a master password, but what happens when you misplace that password? Chrome seemingly assumes that the profile password is that master password, which seems like expected behavior to me. I mean, how many nested passwords do you need to be satisfied?

Also, if you have access to the machine, saved passwords can still be dug up regardless.
rynop, over 13 years ago
Anyone with access to your computer can see your website passwords stored in Google Chrome in CLEAR TEXT. Seriously this is redic. Yes, there is a responsibility for a user to adequately protect their computer, but this just sets people up for identity theft and a bunch of other bad stuff. My 60 year old parents use Chrome, your grandparents probably use Chrome. Help them out, at least have a master Chrome pw to protect viewing things in clear text...