Type in a very few words into Google Chrome browser – the market share leader in most surveys – anda full list of websites and their associated passwords displays onthe screen.

Reported by UK software developer Elliot Kember, the phrase that unlocks the password display is:chrome://settings/passwords. Type that into the browser address barand it reveals a list of saved passwords. Highlight a site andwhat's shown is the password in plain text.

Wrote Kember in his blog, “They [everyday users] don't expect itto be this easy to see their passwords. Every day, millions ofnormal, everyday users are saving their passwords in Chrome. Thisis not OK.”

In a test by a reporter, Chrome indeed displayed a lengthy lineup of some two dozen saved passwords for sites ranging fromHootsuite to Twitter. Also included was the master login to anumber of Google accounts including GMail,

Not included in the list were any financially related sites. Nocredit union, no bank, no PayPal, no credit card issuers.

UK newspaper The Guardian reported that the head of Google's Chrome team indicated thereare no plans to change this system.

Many users are said to save their passwords by sending emails tothemselves, so that their email box becomes a de facto passwordcache. Access the email and those passwords, theoretically, couldbe found.

To exploit Kember's vulnerability, a criminal would need to findan unattended computer, with Chrome installed. What would then berevealed are the passwords which the user elected to save inChrome.