Brave imported saved passwords from Chrome

Not sure how Brave did this, but when I said “import data” from chrome, not only did it get my bookmarks, but also my saved passwords for websites.

I did not have to provide credentials to google. Nor did google warn me that some app was going to copy my website passwords.

Does google hand these passwords off unencrypted? I only store seemingly innocuous website passwords (blogs, news sites and stores that don’t keep my payment info on file) but this practice seems incredibly insecure.

This seems like a common issue, and not just with the chrome/brave handoff. I believe I witnessed this a few years ago when I tried Firefox.

Is this a google apps issue?

Google chrome stores data like passwords etc. in encrypted form in the device. Brave, like Google chrome, is based on same open source software- Chromium and it is only able to access the encrypted passwords just like Google chrome. So until you export passwords to a file (which is decrypted) or if someone has access to the computer, this process will be secure.

It is the password of the device, that is required to view those passwords either in Google chrome or in Brave. Even Brave on its own can’t read those passwords (It only has access to encrypted passwords).
I could be wrong and missing some things. @Mattches @fanboynz @tmancey can correct me.

1 Like

Thank you for taking the time to answer this.

I do however, believe that it is not because it shares a common software base (Chromium) that Brave was able to request a import my passwords from Chrome.

The same thing happens when you install Firefox, which is not based on Chromium. e.g. importing things like browser bookmarks also brings over passwords.

Is it possible that Chrome will just hand off the passwords to any app that asks?

Because this doesn’t feel like security at all.