
Issue 825653


Issue metadata

Status: Duplicate
Merged: issue 825651
Owner: ----
Closed: Mar 2018
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Passwords leaked without system user password prompt

Reported by florin1c...@gmail.com, Mar 25 2018

Issue description

VULNERABILITY DETAILS

If you try to manage or see your passwords stored in Chrome you will be prompted with a toast asking for the Windows User password, which makes sense since you do not want anybody to be able to get all your passwords in bulk.

I recently started to play with the Brave Browser and to my surprise it has a functionality where it can import all your passwords from Chrome. It works well, and after executing this password import you have access to absolutely all the passwords stored in Chrome, without having to input any passwords in Brave or even have a Brave account. The Brave browser is open source with code on GitHub, so I am assuming that it would not be difficult some day for someone to send you a picture with embedded code and execute the Brave browser code in order to get your passwords.

VERSION
Chrome Version: Version 65.0.3325.181 (Official Build) (64-bit)
Operating System: Windows 10 PRO

 

Comment 1 by cthomp@chromium.org, Mar 26 2018

Mergedinto: 825651
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 3

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
