I logged into my bank account online and I had a terrible fright. After I had already logged in and been redirected away from the login page, I noticed a key icon in URL bar. When I clicked on it, it offered to save my password for this site, and it had a copy of my bank password. Not going to lie, this really freaked me out. I previously selected “never” for saving my password for this site.
I tried logging out and closing the tab, and it was easy to repeat this. After I already logged into a website that I have the “never” save password option on, Brave retains a copy of my password and I can see it when I click on the key icon. This is surprising because I thought that my passwords wouldn’t live anywhere in RAM after I have already logged in.
^ Here’s a pic of after I have logged into the bank website.
edit: Chrome does the same thing. I disabled “Offer to save passwords” in the settings.