Not sure how Brave did this, but when I said “import data” from chrome, not only did it get my bookmarks, but also my saved passwords for websites.
I did not have to provide credentials to google. Nor did google warn me that some app was going to copy my website passwords.
Does google hand these passwords off unencrypted? I only store seemingly innocuous website passwords (blogs, news sites and stores that don’t keep my payment info on file) but this practice seems incredibly insecure.
This seems like a common issue, and not just with the chrome/brave handoff. I believe I witnessed this a few years ago when I tried Firefox.
Is this a google apps issue?