To my surprise, there's no builtin master password in Chrome. So how do I protect my passwords now?
Google developers deny the need for master password. I cannot agree. It might be crackable, but it's enough to deter the less determined malware.
Chrome encrypts passwords using Windows account password. That's nice except it is easily decrypted by unprivileged malware and I don't have Windows password anyway.
Antivirus catches some malware. I am cautious too, but desktops are used to run a lot of crap that cannot be avoided. Windows provides no sandboxing.
LastPass does the job, but it's nowhere near as secure as KeePass. No secure desktop and no data protection API. It's on par with Firefox master password though.
LastPass however suffers from lower usability. It doesn't offer to save password on many sites. It's more than one click to save the password.
It sucks this functionality is not builtin. I have to waste time installing plugins for feature that would work much better if integrated in the browser. Anyway, I am switching back to Firefox, because Firefox is faster in practice.