A security flaw in Google's Chrome browser allows anyone with access to a user's computer to see all of their stored passwords directly from the settings panel.

Software developer Elliott Kember stumbled across the vulnerability when importing his bookmarks from Apple's Safari browser to Google Chrome. He discovered that it was mandatory to import saved passwords from one browser to the other – something he described as 'odd'.
After doing a bit more digging, he found that Google does not protect passwords from being viewed when a user is logged in and running Chrome. Anyone with access to the computer can view stored passwords by going to the advanced settings page and clicking on the “Passwords and forms” option, followed by “Manage saved passwords”.


See full story here: http://www.telegraph.co.uk/technology/internet-security/10228714/Google-Chrome-flaw-exposes-user-passwords.html

Makes sense.

You can do the same in Firefox.
Options > Options > Security > Saved Passwords... > Show Passwords
Internet Explorer's no different.
If you go into the registry and navigate to HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\IntelliForms\SPW you will find every saved password.
Safari stores your passwords in plain text, too.
Preferences > Passwords > Show Passwords (and then enter the administrator's password)

tl;dr secure your stuff and get COMODO Dragon

Thanks for sharing Karl.
I'm on a shared computer and hearing about stuff like this makes me glad I haven't saved any passwords

Good thing I have my own PC and never save passwords...

You can do the same in Firefox.
Options > Options > Security > Saved Passwords... > Show Passwords
Internet Explorer's no different.
If you go into the registry and navigate to HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\IntelliForms\SPW you will find every saved password.
Safari stores your passwords in plain text, too.
Preferences > Passwords > Show Passwords (and then enter the administrator's password)

tl;dr secure your stuff and get COMODO Dragon

This is why I keep my passwords in a notebook in my room where no one looks and don't write the usernames down.

No one else uses my computer. No worries. Chrome's still the best browser.

Wow thanks for the heads up!

For the most secure password list, you should probably have a USB Drive with a text file, you can be the only one that has access to that drive because it's in you're pocket. A cheap fix for under five dollars.

that's what you get for using botnet chrome guys
Firefox for safety.

that's what you get for using botnet chrome guys
Firefox for safety.

Firefox has it too...

And it doesn't matter if your computer is your own and no one uses it.

(Chrome still rocks :P)

I don't get why it's a security flaw when the the function is clearly called manage passwords...

i'm glad I never save my passwords then. :)

If someone uses your computer I guess it should be a close person who wouldn't mind or wouldn't tell your passwords. Fortunately I have my own computer, but I am still sure the US government has all our passwords shown somewhere.

This isn't really a flaw, it's a feature. I've known about this way before the media blew it out of proportion, and honestly I don't understand the fuss over it.