This template is ONLY for reporting privacy issues.
Please use a different template for other types of bug reports.
Please see http://www.chromium.org/Home/chromium-privacy for further information.

PRIVACY ISSUE
Smart Lock (chrome://settings/passwords) requires users to enter System password on most desktop platforms to view passwords.

Smart Lock stores URL and username as plain text which can be used to autofill password on a website (like facebook, gmail) and simple HTML editing using developer tools reveals password in plain text without need for System password.

VERSION:
Chrome Version: M50+ Stable
Operating System: Desktop OS [Windows, Linux, Mac, Chrome]

REPRODUCTION STEPS
Please provide detailed reproduction steps, and any additional information below. 
1. Open chrome://settings to ensure 'Enable autofill' and 'Offer to save password' settings are turned ON (or enabled)
2. Ensure that you have already saved password for some site
3. Open website in Chrome
4. Smart Lock will autofill username and password on that site
5. On password field right click to inspect element
6. Replace input type=password to input type=text
Password should now be visible

Include an URL demonstrating the issue and attach a screenshot if applicable. 
Screenshot attached

Be sure to include in your description how this issue affects your privacy.
Using this method a system password is not required to know a stored website password. Anyone who can access my chrome profile can login or know my password to any site easily.

This is practical situation in emerging markets (or developing countries) where it is common to share PC amongst family members or roommates.
 

Deleted: TXXSXJKoHq0.png 476 KB

	TXXSXJKoHq0.png 476 KB View Download