I just came across this news article and got curious about it, so I read a bit further. https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

In summary, a flightsim developer included a Chrome password-dumping tool in the installer, and in case a pirated serial number was entered, this tool was used to get the stored passwords of the user’s Chrome browser. This was apparently discovered by a Reddit user and there’s quite a controversy around the topic.

https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/

So apparently, a tool from a site called securityxploded, which claims to instantly recover saved Chrome passwords, was used to dump the passwords. It needs admin rights (in this case, disguised as part of the installation process), but still, I’m wondering how such tools work.

I understand password managers store the passwords in plain text, but still, the whole database is encrypted with a master password, right? Is this a security flaw in Chrome?

