This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Google Smart Lock is effectively a password safe/manager.  However, I believe it has a flaw in that a User can inadvertently allow login verification to be bypassed.  FOr example, on my phone I had forgotten a login so I went to Chrome->Settings->Saved Passwords.  To view/change passwords, I had to visit passwords.google.com.  
On arriving at the login page I was required to enter my password to "Verify my identity" but was immediately offered the opportunity to autofill my password.  This effectively bypasses the need to enter a password giving access to multiple logins.

passwords.google.com should require a user to manually enter a password. 

VERSION
Chrome Version: All
Operating System: All

REPRODUCTION CASE
Visit passwords.google.com to view Passwords.  On entering the password box, the opportunity to autofill will be offered.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]