I'm not sure if I understand the concern. Could you please elaborate on what issues does the user with multiple accounts see?

Chrome uses public suffix matching: it recognises that nypl.libraryreserve.com and brooklyn.libraryreserve.com are owned by the same entity, so it relaxes the separation between passwords stored for these two origins. An example of this behaviour is:
1. The user stores card number 123 and password xyz on nypl.libraryreserve.com.
2. The user visits brooklyn.libraryreserve.com and starts typing 123 into the card number field.
3. Chrome offers to fill also "xyz" from nypl.libraryreserve.com.
4. However, the user can still override that suggestion and type "anotherpassword" into the password field of brooklyn.libraryreserve.com.
5. Chrome offers to save 123/anotherpassword for brooklyn.libraryreserve.com, and once the user accepts, Chrome will fill 123/anotherpassword on brooklyn.libraryreserve.com, 123/xyz on nypl.libraryreserve.com, and will not offer filling cross-origin in the future on these two origins (as long as the user keeps the above credentials stored).

Side note: This can be tested with http://1.chromium-test1.appspot.com/testing/psl-matching/login and http://2.chromium-test1.appspot.com/testing/psl-matching/login

auh@, could you please update as per c#3? in case if the issue still exists?

Thank you!

No feedback was received in the last 30 days from reporter "auh@google.com", so archiving this. Please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot