We are now a few years into the AI revolution, and talk has shifted from who has the best chatbot to whose AI agent can do the most things on your behalf. Unfortunately, AI agents are still rough around the edges, so tasking them with anything important is not a great idea. OpenAI launched its Atlas agent late last year, which we found to be modestly useful, and now it's Google's turn.
Unlike the OpenAI agent, Google's new Auto Browse agent has extraordinary reach because it's part of Chrome, the world's most popular browser by a wide margin. Google began rolling out Auto Browse (in preview) earlier this month to AI Pro and AI Ultra subscribers, allowing them to send the agent across the web to complete tasks.
I've taken Chrome's agent for a spin to see whether you can trust it to handle tedious online work for you. For each test, I lay out the problem I need to solve, how I prompted the robot, and how well (or not) it handled the job.
Cloud security titan Zscaler Inc. has acquired SquareX, a pioneer in browser-based threat protection, in an apparent move to step away from traditional, clunky security hardware and toward a seamless, browser-native defense. The acquisition, which did not include financial terms, integrates SquareX’s browser detection and response technology into Zscaler’s Zero Trust Exchange platform. Unlike traditional..
It usually starts with a small convenience. You log into a site once, Chrome offers to remember the password, and you click “Save” without thinking twice. Weeks turn into months, devices multiply, and before you know it, your browser knows more about your digital life than you do. This is exactly how many users end up relying on Chrome’s built-in tools without ever learning how to delete passwords from Chrome when it actually matters.That quiet accumulation of saved credentials feels harmless until you stop considering what’s actually at stake. Losing a device, sharing a computer, or falling victim to a remote attack can instantly turn convenience into exposure. Managing and deleting saved passwords isn’t busywork; it’s basic digital hygiene, especially if you want to delete saved passwords in Chrome before they become a liability.This article walks through how to remove passwords from Google Chrome, explains how to clear saved passwords in Chrome across devices, and outlines why browser-based password storage is risky, along with safer alternatives that make sense in real-world use.
Why Browser-Saved Passwords Are a Security Risk
Most modern browsers, including Chrome, Firefox, Edge, Safari, and Opera, offer built-in password managers. Chrome’s implementation, known as Google Password Manager, is deeply integrated into Chrome, Android, and Google accounts. It autofills credentials, suggests strong passwords, syncs logins across devices, and even flags compromised passwords after known data breaches.All of that sounds reassuring, but there’s a trade-off. If someone gains physical access to your unlocked device or remote access through a Man-in-the-Middle or Evil Twin attack, they may also gain access to every stored login. That risk escalates quickly if banking, email, or work-related credentials are saved. Even without theft or hacking, saved passwords make casual snooping far too easy, which is why knowing how to remove saved passwords from Chrome is more than just a cleanup task.The problem isn’t that password managers are bad. It’s that browser-based password storage ties your credentials too closely to the device and session itself, making it harder to fully control or audit access unless you deliberately erase saved passwords in Chrome.
How to Delete Saved Passwords in Google Chrome
Chrome remains the most widely used browser, which makes it a natural starting point when you want to delete autofill passwords in Chrome or remove stored login data selectively.
Deleting Individual Passwords on Desktop
Open Google Chrome.
Click the three-dot menu in the top-right corner.
Select Settings.
Navigate to Autofill and passwords, then open Google Password Manager.
You’ll see a list of saved sites, usernames, and masked passwords.
Click a specific website and select Delete to delete stored passwords in Chrome one by one.
Deleting Multiple Passwords
Chrome allows bulk deletion by selecting multiple entries:
Check the boxes next to the passwords you want to remove.
Click Delete at the top of the list.
Confirm when prompted.
This approach is useful when you want to remove Chrome password manager data without wiping everything.
Deleting All Passwords at Once
There’s no single “Delete All Passwords” button, but you can still clear saved passwords in Chrome completely:
If Chrome sync is enabled, these steps will delete saved passwords in Chrome across all synced devices.
Chrome Password Deletion on Mobile
Android
Open the Chrome app.
Tap the three-dot menu.
Go to Settings > Password Manager.
Tap a saved password and select Delete.
To remove all saved passwords:
Tap Clear browsing data.
Set the time range to All Time.
Select Saved Passwords.
Tap Clear data.
iOS
Open Chrome.
Tap the three-dot icon at the bottom right.
Open Password Manager.
Tap Edit, select sites, then Delete.
Bulk deletion follows the same Clear Browsing Data path under Privacy and Security, allowing you to remove passwords from Google Chrome on iOS as well.
Turning Off Password Saving in Chrome
If you want to turn off and delete passwords in Chrome permanently so the browser stops prompting, you should follow these steps:
Desktop: Settings > Autofill and passwords > Google Password Manager > Settings. Toggle Offer to save passwords and Sign in automatically off.
Android and iOS: Open Password Manager, tap Settings, and turn Offer to save passwords off.
Uncheck Ask to save logins and passwords for websites.
Safari (macOS and iOS)
On Mac:
Open Safari > Preferences > Passwords.
Select passwords and click Remove or Remove All.
On iOS:
Open the Settings app.
Tap Passwords.
Swipe left on entries to delete, or use Edit to remove all.
Disable password saving by turning off AutoFill Passwords.
Opera
On desktop:
Open Opera > Settings > Advanced.
Under Autofill, select Passwords.
Remove entries via the three-dot menu.
On iOS:
Use the system Passwords menu in Settings.
Swipe to delete entries.
Disable AutoFill Passwords to stop future saves.
What to Use Instead of Browser Password Storage
Strong password practices demand length, complexity, and uniqueness, rules that make human memory an unreliable storage medium. This is where dedicated password managers earn their place. Tools like 1Password, LastPass, Dashlane, Keeper, and Apple Keychain are built specifically for credential security, not browser convenience.Deleting saved passwords from your browser isn’t about rejecting convenience; it’s about choosing where convenience makes sense. Browsers are optimized for speed and accessibility, not long-term credential protection. Once you understand how easily stored logins can become liabilities, learning how to delete passwords from Chrome feels less like a chore and more like reclaiming control.If you rely on Chrome or any modern browser daily, knowing how to delete stored passwords in Chrome, disable autofill, and pair those actions with a proper password manager and multi-factor authentication is a practical step toward a safer digital life.
Google has released an update for its Chrome browser that includes 13 security fixes, four of which are classified as high severity. One of these was found in Chrome’s Digital Credentials feature–a tool that lets you share verified information from your digital wallet with websites so you can prove who you are across devices.
Chrome is by far the world’s most popular browser, with an estimated 3.4 billion users. That scale means when Chrome has a security flaw, billions of users are potentially exposed until they update.
That’s why it’s important to install these patches promptly. Staying unpatched means you could be at risk just by browsing the web, and attackers often exploit these kinds of flaws before most users have a chance to update. Always let your browser update itself, and don’t delay restarting the browser as updates usually fix exactly this kind of risk.
How to update Chrome
The latest version number is 143.0.7499.40/.41 for Windows and macOS, and 143.0.7499.40 for Linux. So, if your Chrome is on version 143.0.7499.40 or later, it’s protected from these vulnerabilities.
The easiest way to update is to allow Chrome to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.
To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.
One of the vulnerabilities was found in the Digital Credentials feature and is tracked as CVE-2025-13633. As usual Google is keeping the details sparse until most users have updated. The description says:
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
That sounds complicated so let’s break it down.
Use after free (UAF) is a specific type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, let an attackers run their own code.
The renderer process is the part of modern browsers like Chrome that turns HTML, CSS, and JavaScript into the visible webpage you see in a tab. It’s sandboxed for safety, separate from the browser’s main “browser process” that manages tabs, URLs, and network requests. So, for HTML pages, this is essentially the browser’s webpage display engine.
The heap is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.
A “remote attacker who had compromised the renderer” means the attacker would already need a foothold (for example, via a malicious browser extension) and then lure you to a site containing specially crafted HTML code.
So, my guess is that this vulnerability could be abused by a malicious extension to steal the information handled through Digital Credentials. The attacker could access information normally requiring a passkey, making it a tempting target for anyone trying to steal sensitive information.
Some of the fixes also apply to other Chromium browsers, so if you use Brave, Edge, or Opera, for example, you should keep an eye out for updates there too.
We don’t just report on threats—we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.
Google has rolled out a new autofill feature for Chrome that goes beyond storing just your passwords, addresses, and credit card numbers. The new “enhanced autofill” can now stash your driver’s license, passport details, VIN, or license plate information. Sounds convenient, right?
But just because you can, it doesn’t mean you should.
Let’s face it: filling out government forms or travel bookings online is a pain. Anything that saves a few minutes—or spares you from hunting down your passport at the back of a drawer—feels like a win, especially if Chrome can neatly autofill those fields. And yes, Google promises encryption, explicit permission for autofill, and manual activation only if you want it.
But let’s think this through. Is storing your most personally identifiable information—like government-issued IDs—in the market-dominant browser a good idea? Because that’s what Chrome is.
Chrome’s market share (over 73% at the time of writing) makes it the internet’s biggest bullseye for criminals. Whether you’re using the enhanced autofill or the regular one, browser-based storage schemes are relentlessly hunted by password stealers, infostealers, and other types of malware.
And let’s not forget phishing attempts. Maybe having to dig through your drawer while you think about why a website needs that information isn’t such a bad thing after all.
Sure, Chrome encrypts autofill data, only saves your info with permission, and asks for confirmation before pasting it into a form. You can also ramp up security with two-factor authentication (2FA) and a Chrome sync passphrase. But when cybercriminals get the right kind of access (by stealing a browser session, finding an unlocked device, or getting you to install a rogue extension), your sensitive information is in danger. And with what Chrome can now store, that could mean your identity.
Chrome’s enhanced autofill promises a smoother online ride, but the consequences of storing government IDs in your browser could outweigh the perks. Cybercriminals love a big target—and with Chrome’s popularity, the bounty only grows. When the reward for a criminal is your passport, driver’s license, or identity, convenience should come second to caution.
Thankfully, someone decided it was a good idea to turn off this feature by default, but if you want to check, here’s how to find it:
Open Chrome.
In the main Chrome menu, click on Settings.
Under Autofill and passwords, select Enhanced autofill if present.
Better alternative: password managers
We would advise that if you must store this kind of information digitally, use a password manager. These tools are built for secure storage—they’re audited for security, separate from browser processes, and don’t automatically serve up your data to any site that happens to have the right input fields.
Stick to a dedicated password manager and stay in control of what’s stored and where it gets filled out. Remember: the less a browser knows about your life, the safer you are when someone eventually tries to break in.
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
The sole zero-day flaw this month is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV — an HTTP extension that lets users remotely manage files and directories on a server. While WebDAV isn’t enabled by default in Windows, its presence in legacy or specialized systems still makes it a relevant target, said Seth Hoyt, senior security engineer at Automox.
Adam Barnett, lead software engineer at Rapid7, said Microsoft’s advisory for CVE-2025-33053 does not mention that the Windows implementation of WebDAV is listed as deprecated since November 2023, which in practical terms means that the WebClient service no longer starts by default.
“The advisory also has attack complexity as low, which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker’s control,” Barnett said. “Exploitation relies on the user clicking a malicious link. It’s not clear how an asset would be immediately vulnerable if the service isn’t running, but all versions of Windows receive a patch, including those released since the deprecation of WebClient, like Server 2025 and Windows 11 24H2.”
Microsoft warns that an “elevation of privilege” vulnerability in the Windows Server Message Block (SMB) client (CVE-2025-33073) is likely to be exploited, given that proof-of-concept code for this bug is now public. CVE-2025-33073 has a CVSS risk score of 8.8 (out of 10), and exploitation of the flaw leads to the attacker gaining “SYSTEM” level control over a vulnerable PC.
“What makes this especially dangerous is that no further user interaction is required after the initial connection—something attackers can often trigger without the user realizing it,” said Alex Vovk, co-founder and CEO of Action1. “Given the high privilege level and ease of exploitation, this flaw poses a significant risk to Windows environments. The scope of affected systems is extensive, as SMB is a core Windows protocol used for file and printer sharing and inter-process communication.”
Beyond these highlights, 10 of the vulnerabilities fixed this month were rated “critical” by Microsoft, including eight remote code execution flaws.
Notably absent from this month’s patch batch is a fix for a newly discovered weakness in Windows Server 2025 that allows attackers to act with the privileges of any user in Active Directory. The bug, dubbed “BadSuccessor,” was publicly disclosed by researchers at Akamai on May 21, and several public proof-of-concepts are now available. Tenable’s Satnam Narang said organizations that have at least one Windows Server 2025 domain controller should review permissions for principals and limit those permissions as much as possible.
Adobe has released updates for Acrobat Reader and six other products addressing at least 259 vulnerabilities, most of them in an update for Experience Manager. Mozilla Firefox and Google Chrome both recently released security updates that require a restart of the browser to take effect. The latest Chrome update fixes two zero-day exploits in the browser (CVE-2025-5419 and CVE-2025-4664).
For a detailed breakdown on the individual security updates released by Microsoft today, check out the Patch Tuesday roundup from the SANS Internet Storm Center. Action 1 has a breakdown of patches from Microsoft and a raft of other software vendors releasing fixes this month. As always, please back up your system and/or data before patching, and feel free to drop a note in the comments if you run into any problems applying these updates.
Login
