Snap version of Chromium (included by default in Ubuntu) saves all your passwords in plain text


Epic :expressionless:

wow. my days as a snap apologist might be over. i feel like i keep reading pretty ugly security issues with them or the repository itself

1 Like

If you read the link though, it says there is no some text file in chromium profile, where you can see your passwords in plaintext. The only way to see them is to launch the browser itself. Chromium browser has no master password to unlock passwords, that is not a bug?

There is also a link to chromium documentation, which says how chromium auto chooses where to save passwords on linux, GNOME keyring, KWallet, Basic (plaintext). I now wonder is Brave linux (not snap or flatpak) stores my passwords in keyring, I am 99% sure it does not, I will check it.

So, it seems snap version has a flag to always use basic. Snap is sandboxed, other app probably do not see files at all, even there is no plaintext file with password, they are in sql database and passwords are not visible, it is binary file.

1 Like