A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.
Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.
Seeing the passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings…" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites - but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.