Security: Unexpected Password Manager Behaviour leads to potential password leak
Reported by
robin.m...@yahoo.ca,
Aug 10 2017
Issue description

VULNERABILITY DETAILS

When using the built-in Chrome password manager, it's possible to inadvertently expose the password in plain text in an unexpected way. I ran into this when using the Chrome password manager while logging into Lastpass.com, but this would apply potentially anytime you have a web site that requires login credentials, and within that site, other credentials are used for a different purpose.

VERSION

Version 60.0.3112.90 (Official Build) (64-bit)
Windows 7 Enterprise, SP1

REPRODUCTION CASE

If you use Chrome password manager to manage your Lastpass credentials, upon logging in to Lastpass, if you select an account to review that uses the same username as the Lastpass account (i.e. e-mail address), then Chrome gets confused and overwrites the stored password field for the selected account with the Lastpass master account password (used to log into Lastpass). This field can then be easily displayed by changing the HTML element type to "text", or in this case, simply by clicking "show password". This inadvertently exposes the original login credentials for the site.

The vulnerability results from Chrome having trouble distinguishing between when the username/password fields apply to logging into the site, vs when they are simply part of the web application. There are a couple of ways this might be exploited, but in general, it's a bad situation to have Chrome overwrite password fields that already have content in them. It's also not ideal that Chrome can be confused into outputting the password into a password field that is not part of the site authentication.
Nov 17 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by tsepez@chromium.org, Aug 10 2017