Why is there no password asked to access Chrome's "Manage passwords" tab

[sirgilmour]

I use Win7 and dont have a password when opening a session because i'm moslty by myself, but I noticed that while i'm away, anyone that can open chrome and go into the manage password tab can just see anything without any security question asked... is the windows 7 login password and the chrome manage password security code linked, because I don't see any option in the chrome settings to lock this tab.

[patio]

No...and if you have not set a password for Chrome it behaves like the above...

Note: The Chrome password setting only affects things in Chrome...such as site logins etc....it has nothing to do with Windows password settings...

[sirgilmour]

I have a password for chrome, but i type it once to open my gmail session after installing the application

[BC_Programmer]

Known "issue"; was raised some time ago to Google/Chrome devs who had this to say:

    I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here. The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater.

    Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.

    We've also been repeatedly asked why we don't just support a master password or something similar, even if we don't believe it works. We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that's really what they get.

[patio]

Your confusing the issue...The sign in was for your Google account...not Chrome.

See Here...