Security: Chrome Passwords manager
Reported by a.hom...@gmail.com, Dec 30 2016
Issue description

VULNERABILITY DETAILS
As you are already aware, passwords saved in the Chrome browser are stored in the sqlite3 file %LOCALAPPDATA%\Google\Chrome\User Data\Default\Login data and encrypted with CryptProtectData, where any process running as the same user can call CryptUnprotectData and get the stored passwords in plain text.

-- technically speaking: something like SELECT action_url, username_value, password_value FROM logins CryptUnprotectData(blob(password_value)) is enough from any process running under the same user.

What I have done is a C/C++ implementation which uses this fact to display all stored passwords with users and URLs in plain text, without asking for any password or the need for privilege elevation.

As a Chrome user, I find this pretty critical, as an implementation like mine embedded in malware can just take all my stored passwords easily once it runs under my user, and Kaspersky Internet Security, for example, does not detect this as malware.

More details on: https://github.com/adnanonline/chrome-passwords

VERSION
Chrome Version: Version 55.0.2883.87 m (64-bit)
Operating System: Windows 10
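A defender-side check for the behaviour the report describes, as an added example that is not part of the original report or of Chrome: it flags processes other than the browser that read the Login Data file. It assumes object-access auditing is enabled on that file so that Windows Security event 4663 is logged; the event records, the user name and the allow-listed install paths are constructed for illustration.

```python
# Added example: flag non-browser reads of Chrome's credential store.
# Assumption: a SACL on the file makes Windows log Security event 4663.
STORE_SUFFIX = r"\google\chrome\user data\default\login data"  # path from the report
FILE_READ_DATA = 0x1  # ReadData bit of the 4663 access mask

# Assumption: the only images expected to open the store (default install paths).
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}

PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
# Constructed sample records holding a subset of event 4663 fields.
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x1",
     "ObjectName": PROFILE + r"\Login Data",
     "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x1",
     "ObjectName": PROFILE + r"\Login Data",
     "ProcessName": r"C:\Users\alice\AppData\Local\Temp\report_viewer.exe"},
    # Same file name as the browser, wrong directory: still not allow-listed.
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x1",
     "ObjectName": PROFILE + r"\Login Data",
     "ProcessName": r"C:\Users\alice\AppData\Local\Temp\chrome.exe"},
    # Read of an unrelated file in the profile: ignored.
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x1",
     "ObjectName": PROFILE + r"\Bookmarks",
     "ProcessName": r"C:\Users\alice\AppData\Local\Temp\report_viewer.exe"},
    # Access without the ReadData bit (0x80 = ReadAttributes): ignored.
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x80",
     "ObjectName": PROFILE + r"\Login Data",
     "ProcessName": r"C:\Windows\System32\SearchProtocolHost.exe"},
]

def suspicious_reads(events):
    """Return (user, image) pairs for non-allow-listed reads of Login Data."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not ev.get("ObjectName", "").lower().endswith(STORE_SUFFIX):
            continue
        if not int(ev.get("AccessMask", "0x0"), 16) & FILE_READ_DATA:
            continue
        if ev.get("ProcessName", "").lower() in ALLOWED_IMAGES:
            continue
        hits.append((ev.get("SubjectUserName"), ev.get("ProcessName")))
    return hits
```

Matching on the full image path rather than the file name is what catches the second alert, a `chrome.exe` running from a temporary directory.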
Apr 8 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by kenrb@chromium.org, Dec 31 2016