Chrome stores your passwords under your Google Account. By default, they are not encrypted, so if any hacker gains access to Google’s servers, they could potentially grab your stored logins too. However, it is possible to optionally set a passphrase which will be used to encrypt your synced data. Obviously, in this case the security of your saved passwords will depend on the strength of that passphrase.
Firefox differs in that it stores your logins encrypted by default. Once again, the security of the saved passwords depends on the strength of your Firefox Account password.
In both Chrome and Firefox, once a device has been synced with your account, the saved passwords are also stored on the device.