Passwords stored in clear in Chrome's local storage

[lefreud]

As pointed out by @TrickyTroll, university credentials (IDUL & password) are stored in Chrome's local storage, which is an unencrypted storage location and can potentially be read by a malicious application which has access to Chrome's files, without privilege escalation. However, Chrome doesn't seem to provide obvious alternatives to allow for safe data storage, for example, by using an OS system call that encrypts/decrypts data safely (I might be wrong though).

Here are some ideas of potential solutions:

• Stop storing credentials and use Chrome's already existing password manager in conjunction with an auto-click mechanism that clicks on the "login" button after the auto-fill
• Find a Chrome API that manages encryption of data storage in a way that doesn't expose the encryption key. This could be worth looking at: https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/store (does it work in an extension?)

If you have any other idea, I'm all ears!

Sources:
"Confidential user information should not be stored! The storage area isn't encrypted." https://developer.chrome.com/docs/extensions/reference/storage/