Version: 52.0.2719.0 (Developer Build) (64-bit)
OS: Linux (but likely platform-independent)

What steps will reproduce the problem?
(1) Go to https://w3c.github.io/webappsec/demos/credential-management/.
(2) Click sign-in, fill in the password form and hit Submit.
(3) Click Never in the bubble offering to save the credential.
(4) Repeat steps 1 and 2.
(5) Click one of the buttons to sign in with a federation.

What is the expected output?
No offer to save anything, because of the blacklisting.

What do you see instead?
The blacklisting is ignored and federated credentials are offered for saving.

Note: The blacklisting still works for username/password credentials. This is related (but not equal) to  bug 607485 .