by userbinator 4025 days ago
I guess a lot of others are also wondering, "What's the point?"

If an attacker can read the file the cookies are stored in, you have already lost.

It even mentions "obfuscation" - which might be a slight obstacle if this was closed-source - but Chromium is open-source.

2 comments

Obfuscation is still useful.

For example, if a sysadmin is investigating a problem, they're less likely to accidentally see a user's data in human-readable form. It also provides a level of defence against unsophisticated attackers.

The obfuscation isn't really intentional IIRC. It's an artifact of the assumption that a proper base credential will be available from either libsecret, Gnome Keyring, or KDE Wallet. The fixed key is just a placeholder that gets used when none of those secure mechanisms is installed on the system. Although, that file has a number of outdated comments, which add to the confusion.