[smtddr]

I don't think it's fair to call something a flaw because you disagree with it. Google didn't do this by accident. It's a very purposely designed feature that apparently a bunch of HN-folks just learned about and strongly disagree with. Also, Firefox does this too...

And for the record, when I saw this feature 2 years ago I disagreed with it too - but it's not a flaw.

[joekrill]

I absolutely agree. Although Firefox at least gives you the ability to set a master password to add additional security. Chrome does not.

[tptacek]

They deliberately do not, because that password doesn't solve any security problems, but does communicate to users that Chrome is doing something to protect their account that it doesn't and can't do.

Firefox should lose the feature.

[EliAndrewC]

Can you clarify why the master password isn't offering any protection? It encrypts your other passwords so that they are not stored in plaintext on the filesystem; this alone seems like it's offering a little security, since my (perhaps mistaken) assumption is that it's more likely for someone to be able to read a file on your filesystem than to read in-memory passwords stored in RAM.

EDIT: Your other comment at https://news.ycombinator.com/item?id=6173111 probably explains your view on this; that there are few attacks in practice which would be thwarted by encrypting passwords at rest, and that the false sense of security on the part of the user would be disproportionately high.