VULNERABILITIES DETAILS
We can protect saved passwords using "Master Password" in Google Chrome. If we need to view the password in saved password section, we need to provide Master password. 
But "saved passwords" will be automatically added to the login forms when browsed to the respective URL. 

I mean, if we save password for https://www.gmail.com, we will need to provide master password to view it at chrome://settings/password page. And it will be automatically filled into form when we browse to https://www.gmail.com.

Now the main part, we can inspect element to the login details filled page, e.g. https://www.gmail.com, and change html element 'type:password' to 'type:text' and we will get the plaintext password. 

VERSION
Latest.

REPRODUCTION CASE
We can reproduce this issue like this:
1. Enable master password in Advanced settings of google chrome (latest).
2. Save password for https://mail.google.com.
3. Now if you go to 'chrome://settings/passwords and try to show the save password, you will need to provide master password. 
4. Open a new incognito tab and browse to "https://mail.google.com", your login credentials will be filled to their respective input-fields of the form. Now inspect element of password inspection, and change html attribute: 'type:password' to 'type:text'. 
You will get your plain text password without providing master password, which is meant to protect the saved password. 

Protection:
ask for master password while filling up the form or encrypt the stored passwords in google chrome.