2

Specifically, how did the new Microsoft Edge (based on Chromium?) import my passwords from Google Chrome (which are synced to my Google account and supposedly secure)?

I'm on Windows 10. Does Windows have a standard password exchange medium? What is stopping a malicious program getting my passwords from Google Chrome, possibly decrypting them by asking me to input my Windows password for another fake purpose, and secretly uploading them somewhere else?

user1857492
  • 135
  • 4

1 Answers1

5

What is stopping a malicious program getting my passwords from Google Chrome, possibly decrypting them by asking me to input my Windows password for another fake purpose, and secretly uploading them somewhere else?

Nothing.

On Windows, a program running under your account can access anything that belongs to you. The defense is "don't run malicious programs". This is particularly common in desktop OS's; mobile ones are much better in this regard.

Joseph Sible-Reinstate Monica
  • 7,110
  • 3
  • 21
  • 35
  • 1
    I know Windows doesn't have a secure permission system like the one Android got, but shouldn't there be _some_ kind of Windows API that allows Google Chrome to store passwords securely? – user1857492 May 02 '20 at 02:12
  • @user1857492 yeah, generally when you want to view them, you need to enter system credentials – multithr3at3d May 02 '20 at 02:59
  • @multithr3at3d I think that's "fake" protection. In particular, if you go to the website and let Chrome autofill the credential, you can use the developer console to pull it out of the password field. – Joseph Sible-Reinstate Monica May 02 '20 at 03:00