alby and most crypto extensions for browsers store their data in a special secure cache, usually one provided by the desktop bus or similar in whatever operating system (gnome has one that used to be called seahorse).

similarly, most web apps store their keys in these little enclaves as well. it is better to keep the key isolated from the browser entirely though, but the security is relatively well defended.