This article is simply incorrect. The passwords are only stored in plaintext when there are no OS-level or desktop environment options available to protect them.[0] In the absence of such a system where exactly do you expect Chrome to store the encryption key for the list of passwords?<p>[1] <a href="https://code.google.com/p/chromium/wiki/LinuxPasswordStorage" rel="nofollow">https://code.google.com/p/chromium/wiki/LinuxPasswordStorage</a><p>edit: Apparently there are people that run either incredibly old versions of chrome or don't run a keystore daemon and actually upload all of their dotfiles to github so I guess that part is technically accurate.
Okay, so it's possible someone might accidentally publish their passwords with an unwise git commit, but has anyone <i>actually done this?</i> Can anyone point to a real life example?
Once the attacker has the username, password and access to the computer, the game is already over. I can't see how adding anything on top is nothing but smoke and mirrors.