[yolo1]

> Could you elaborate what you're talking about? Stealing passwords/sensitive info from Chrome temporary files?

Yes. Your browser stores passwords in a reversible format locally. If it's done well it may require root/ring0 privileges to abuse, but I'm unclear on how well local secret stores actually work for application-level secrets. However, if chrome temporary data becomes 100% secure I'll just steal all your documents, ssh keys and other application metadata - thus code exec is game over.

> How can one mitigate this threat?

Don't give me code exec on your box (eg don't run malware).

On a more actionable level, sandboxing every application should mitigate lots of malicious behaviors - iOS and (I've heard) chromebooks do this well, I think MacOS has some degree of sandboxing too. That being said, I don't think it'd be a practical solution for a 'power user' such as a web developer etc given the permissions power tools require are the same ones that are damaging in the hands of an attacker.