Security: why could brave import Chrome's password w/o any password input from the user

privacy
#1

I am new to brave. On Windows, when I click import setting from chrome to Brave, it just worked and my password is copied to Brave without any prompt for system key. How does it work and does it mean the key storage is accessible to all the softwares on my computer?

0 Likes

#2

Yep, the login infos are normally stored in the “Login Data” database file here:

%APPDATA%/../Local/Google/Chrome/User Data/Default

The passwords are encrypted, but any app on your local machine can decrypt them.
0 Likes

#3

Thank you for your reply. You said it could be decrypted by any app. Does it mean that the key is accessible or the encryption algorithm is totally broken?

0 Likes