Please make it possible to use different keyrings (not only the default one)
Reported by
stu...@anchev.net,
Sep 27 2017
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
Chromium uses the default Gnome keyring and there is no option to ask it explicitly to use a separate one.

What is the expected behavior?
It is preferable to have chromium store its data in a separate keyring rather than having all applications storing (and hence being able to read) all data in the same keyring.

What went wrong?
No option for using a particular keyring.

Did this work before? No

Chrome version: 61.0.3163.100 Channel: stable
OS Version:
Flash Version: Shockwave Flash 27.0 r0

Reopening of auto archived #650600
Sep 27 2017
Thanks.
Sep 27 2017
Can you describe a kind of attack that would be prevented by such a feature? Currently we use keyring to protect against someone physically stealing your hard drive. That scenario is not affected by adding more than one keyring. In general, I view trying to defend against a compromised system as a lost battle. There are all kinds of damage that a malicious app can do besides reading your keyring. Not to mention that it can also just wait until you unlock your keyring for Chrome and read everything then. If you need to run untrustworthy apps on purpose, never do it with your personal user.
Sep 27 2017
Scenario: Malicious software (e.g. "I want to test this new browser") gets access to the default keyring and steals all your login credentials for your email, bank website etc. Isolating Chromium's data into a separate keyring would prevent it. "If you need to run untrustworthy apps on purpose, never do it with your personal user." - that won't work for a general user who doesn't even understand what an untrustworthy app is. Yet you can protect that user by giving him an extra layer of security by isolating the keyring.
Sep 27 2017
The general user doesn't know what a keyring is and shouldn't have to. Nor can we expect the general user to sufficiently clean up their system after executing a malicious application. A security-conscious user, who is willing to tire themselves with managing multiple keyrings, should know better than to execute a malicious app in their everyday environment in the first place.
Sep 27 2017
Chrome and other LOCAL applications can store credentials in the default keyring. A non-general user may not want their local stuff shared on the same keyring with an Internet application. If you refuse to provide such isolation, this raises the question "How safe is Chrome at all if the approach to security is `the general user doesn't know, so we will neither tell them they are exposed, nor help them not to be`?"
Comment 1 by infe...@chromium.org, Sep 27 2017
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Feature
Owner: cfroussios@chromium.org
Status: Assigned (was: Unconfirmed)