My threat model is any untusted subject accessing my computer. What's why I lock it even to walk to the other side of the room. This requires any attack to open laptop, remove epoxy on RAM, then quickly switch my RAM out and read keys.
I don't know the details of the OS X keychain. If they indeed validate programmatic access to the keychain by authenticating the code executing (that is, verifying Chrome by Google is accessing the same data stored), then sure, it's possible to do somewhat better.
But if the browser prepopulates fields and they are inspectable, that defeats the purpose, yet again.
I don't know the details of the OS X keychain. If they indeed validate programmatic access to the keychain by authenticating the code executing (that is, verifying Chrome by Google is accessing the same data stored), then sure, it's possible to do somewhat better.
But if the browser prepopulates fields and they are inspectable, that defeats the purpose, yet again.