Facebook X-twitter Pinterest Linkedin Instagram Threads Youtube
Editorialge
Eid Al-Adha

Why You Shouldn’t Save Your Passwords in Google Chrome?

Shouldn't Save Your Passwords in Google Chrome

Listen to the Podcast:

You can open Table of Contents show

When registering into a website like Facebook or Twitter, Google Chrome frequently displays a pop-up prompting the user to save their password. At we describe the mechanism used to store and protect passwords and indicate whether it’s safe to select “Save.”

Is It Safe to Save Your Passwords in Google Chrome?

The Google Chrome storage mechanism poses a security risk only if the computer has been previously compromised or exposed, although the use of a database called SQLite3 adds an additional attack vector that could be exploited by cybercriminals, according to ESET, a cyber security firm.

The only known risk associated with this mechanism is the theft of stored credentials. Therefore, it is advised not to use such a database and, if you do, not to retain passwords for essential services that contain personal information, such as:

  • On line bank
  • Social media
  • medical websites

What Happens When You Allow “Store” Your Passwords?

By clicking “accept” when Google Chrome asks “Do you want to save the password? “, the user consents to the saving of the username and password submitted in a website’s login form. This information can be specifically stored in an SQLite3 database located at the following address:

  • %LocalAppData%\Google\Chrome\User Data\Default\Login Data.

This database’s tables contain a variety of fields, with the ” logins ” table containing the most sensitive data, including the ” username value ” and ” password value ” fields. These fields are meaningless without the “origin_url” field, which informs Google Chrome which website the credentials correspond to.

The other fields contribute to the mechanism’s correct operation to a lesser extent. Because of fundamental security concerns, passwords are not stored in plain text. On Windows systems, the browser employs an encryption feature provided by the operating system, CryptProtectData (Crypt32.dll), per ESET.

Is There a Real Danger with This Mechanism in Google Chrome?

Google Chrome’s “Save Password” feature is designed so that encrypted data can only be decrypted by the same user who was logged in at the time the password was encrypted. Additionally, it can be configured to only decrypt data on the same computer on which it was encrypted.

The technological behemoth does not use a password set by the user, but rather the user’s operating system credentials. Therefore, a cybercriminal would be compelled to decrypt them by logging in as the same user who created them and transmitting them.

If an attacker gains access to the computer, they could readily obtain and decrypt the plaintext passwords if this mechanism is used to store them.

This type of behavior has been observed in multiple malicious codes, including Latin America-specific banking Trojans designed to capture login credentials for online banking sites.

How Do Attacks with Your Passwords Work?

In these attacks, the cybercriminal can obtain both the structure and the contents of the tables. For instance, they could attempt to log in to Facebook using false credentials and then select the option for Google Chrome to store the credentials.

Once the username and password have been saved to the browser’s database, the user can locate the file that contains this information and access it with a database-viewing program, such as DB Browser for SQL Lite.

From there, they can locate the entries in the ” logins ” table that contain login information, such as:

  • URL
  • Username
  • Encrypted password.

The stored password is encrypted in a BLOB structure (binary large objects, such as images or audio files), and the program displays its hexadecimal representation when the user clicks on that field.

The perpetrator now has the encrypted username, website, and password, and only needs to decrypt it. Since the active user is likely to be the same one who previously saved the password, an attacker with access to the computer in question can easily decrypt the password using Crypt Unprotect Data as opposed to DB Browser.

Anyone with physical or remote access to the computer can perform these actions, so it’s important to use a strong and unique password for each account, enable two-factor authentication, exercise caution when allowing Google Chrome to save passwords, and keep your computer’s security up to date, according to ESET.


Subscribe to Our Newsletter

Related Articles

Top Trending

Waste-to-Energy Technology
How Waste-to-Energy Technology Is Solving Two Problems At Once
Winning Upwork Proposal
Winning Upwork Proposal Strategy: From First Line to Final Reply
How to Enable Two-Factor Authentication
How to Enable Two-Factor Authentication on All Online Accounts
A Guide to a Minimalist Lifestyle in a Busy City
A Guide to a Minimalist Lifestyle in a Busy City
resistance band routines
13 Resistance Band Routines to Build Strength at Home: Say Goodbye to Boring Workouts!

Fintech & Finance

HONOR 600 Pro vs HONOR 600 Lite 5G
HONOR 600 Pro vs HONOR 600 Lite 5G: Full Comparison with Expected India Pricing
How to Dispute a Credit Card Charge Successfully
How To Dispute A Credit Card Charge Successfully
How to Protect Yourself from Financial Scams
Financial Scam Prevention Tips to Protect Your Money
The Truth About Buy Now Pay Later Services
The Truth About Buy Now Pay Later Services
best UK current accounts 2026
9 Best UK Current Accounts with the Highest Interest and Best Perks in 2026

Sustainability & Living

Waste-to-Energy Technology
How Waste-to-Energy Technology Is Solving Two Problems At Once
A Guide to a Minimalist Lifestyle in a Busy City
A Guide to a Minimalist Lifestyle in a Busy City
Green Hydrogen Fuel
The Rise Of Green Hydrogen As A Clean Fuel Source
energy-efficient LED lights and appliances
Benefits of Using Energy-Efficient LED Lights and Appliances
Wind Power Global Energy Markets
How Wind Power Is Reshaping Global Energy Markets

GAMING

best gaming mice for every hand
The 11 Best Gaming Mice That Suits the Hands of All Sizes
Best Gaming Monitors Compared
9 Best Gaming Monitors Compared: Unlock Next Level Gaming
Custom Mechanical Keyboard
DIY: Build a Custom Mechanical Keyboard That Feels Like Yours
Best Indie Games Of Recent Years
The 7 Best Indie Games Of Recent Years You Should Not Miss
open-world games done right
The 9 Best Open-World Games Done Absolutely Right

Business & Marketing

The Truth About Buy Now Pay Later Services
The Truth About Buy Now Pay Later Services
Guest Posting In 2026
Guest Posting In 2026: Is It Worth It? And How To Do It Right
New Zealand social media marketing
13 Critical Facts About How New Zealand's Small Market Forces Brands to Be Creative on Social Media
Cold Email in 2026
Cold Email In 2026: What Works, Lands In Spam, And What Converts
Entrepreneurial Spirit Promotes Social Change
Entrepreneurial Spirit Promotes Social Change

Technology & AI

How to Enable Two-Factor Authentication
How to Enable Two-Factor Authentication on All Online Accounts
Frehf
The Secrets of Frehf: Your Complete Guide to Understanding Frehf
AI Animation Styles Explained
AI Animation Styles Explained: The Smart Way to Make AI Videos Feel Professional
Check Your Real Internet Speed
How to Check Your Real Internet Speed and Detect ISP Throttling
Custom Mechanical Keyboard
DIY: Build a Custom Mechanical Keyboard That Feels Like Yours

Fitness & Wellness

resistance band routines
13 Resistance Band Routines to Build Strength at Home: Say Goodbye to Boring Workouts!
beginner home workouts
9 Beginner Home Workouts to Try for Real Results: Start Your Fitness Journey!
setting realistic fitness goals
Setting Realistic Fitness Goals: A Beginner’s Practical Guide That Actually Works
best home workouts guide
39 Home Workout Routines for Every Fitness Level to Get Fit Without a Gym
beginners fitness guide
Beginner’s Complete Fitness Guide: A Practical Beginners Fitness Guide for Real Life