This definitely looks like a functional issue; it may well occur due to code that tries to keep track of the username after it's manipulated by JavaScript (e.g. some sites will replace parts of the username string with **** after the field is exited).

The security impact seems Low to None, insofar as this only gives a local viewer the opportunity to re-view a string that was just displayed.

I haven't been able to reproduce this on a simple page (http://http://debugtheweb.com/test/forms/password.asp) in Chrome 59 or Canary. 

Are you able to reproduce this on every page? Is the URL of the site in your screenshot public?

I cannot share the URL and credentials, but I just tried and have managed to reproduce this on multiple WordPress websites. Not sure if it helps you, but I had passwords saved so username/password fields were prefilled upon page load.

Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

tengs@: I don't know if the bug is in Smart Lock per se, but could you help triage this bug?

Issue 731788 has been merged into this issue.

Removing security labels.

[mac triage] Able to reproduce. Assigning to vabr for password bugs

... and back in the queue of bugs to fix.

This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Can somebody give an example site? I can't reproduce on a testing page.

I guess it's still happening on some sites.