
All web browsers store cookies in plain text, or in databases, that can be read with the right tools. Reading them requires local access to the system, which limits the chance of cookie data leaking. Still, malicious software could pull the information from users' PCs, since cookie storage is usually tied to a single location on the system.

If a computer is accessed by multiple people, one person might scan another's cookie folder and look for things like passwords or long-life session IDs. If an attacker has physical access to your system, they can easily steal all your cookies to hijack accounts. There are many tools available on the Internet that make it quicker and easier for an attacker to export all your cookies from the browser.

The Google Chrome web browser saves cookies to a SQLite database file in the user's data folder. One can import that file into SQL editor software to read all cookies in plain-text format.

Google's open-source Chromium browser project now has a new feature that encrypts stored cookies by default; a similar feature is already implemented in Chrome OS and Android OS.

As a consequence of a recent change to Chromium, all desktop versions of Google Chrome will encrypt stored cookies in the near future. The official desktop versions of the Chrome browser will encrypt the browser cookies with 128-bit AES encryption before saving them to the hard disk.
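To check whether a given cookie store still holds plaintext values or has moved to encrypted storage, the following added example (not from the original article or the Chromium project) audits a SQLite cookie database by counting rows per storage form without reading any cookie value. The column names `host_key`, `name`, `value` and `encrypted_value` are an assumption modelled on Chromium's `cookies` table, and the sample rows are constructed.

```python
import sqlite3

# Assumption: a minimal subset of columns modelled on Chromium's `cookies`
# table. Real profile databases carry more columns than these four.
SCHEMA = """CREATE TABLE cookies (
    host_key TEXT NOT NULL,
    name TEXT NOT NULL,
    value TEXT NOT NULL DEFAULT '',
    encrypted_value BLOB NOT NULL DEFAULT x''
)"""

def build_sample_store():
    """Constructed in-memory cookie store: two plaintext rows, two encrypted."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    opaque = bytes(32)  # constructed stand-in for ciphertext, not real data
    conn.executemany(
        "INSERT INTO cookies VALUES (?, ?, ?, ?)",
        [
            ("legacy.example", "session_id", "constructed-plaintext", b""),
            ("legacy.example", "prefs", "constructed-plaintext", b""),
            ("shop.example", "session_id", "", opaque),
            ("mail.example", "auth", "", opaque),
        ],
    )
    return conn

def audit_cookie_store(conn):
    """Count plaintext vs. encrypted rows without reading any cookie value."""
    report = {"total": 0, "plaintext": 0, "encrypted": 0, "plaintext_hosts": set()}
    query = "SELECT host_key, length(value), length(encrypted_value) FROM cookies"
    for host, plain_len, enc_len in conn.execute(query):
        report["total"] += 1
        if plain_len:  # a non-empty `value` column is readable by anyone with the file
            report["plaintext"] += 1
            report["plaintext_hosts"].add(host)
        elif enc_len:
            report["encrypted"] += 1
    return report

if __name__ == "__main__":
    result = audit_cookie_store(build_sample_store())
    print(f"{result['plaintext']}/{result['total']} cookies stored in plaintext")
    print("hosts affected:", sorted(result["plaintext_hosts"]))
```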

If you share your PC, or do not use full disk encryption, then you may benefit from this new encryption of cookies.