Chromium and saved passwords
In my recent review of “chromium”, I mentioned that it offers to save passwords, and stores them in kwallet. This suggests that they should be stored in encrypted form, due to the way that kwallet works.
Unfortunately, things may be worse. I recently tested out “chromium” while logged into Gnome. And when I visited a site where chromium had a saved password, it filled in the password field. But I was never prompted for the key to unlock kwallet.
It now looks as if “chromium” is saving the passwords in kwallet, where they are encrypted. But it is apparently also saving them in an unencrypted (but obscured) file in the user chromium profile directory.
This is not good.