VULNERABILITY DETAILS
I have seen this work across my current version of Linux, MacOS, as well as Windows-10. If a user is using the option to auto fill passwords and usernames, across  password managers, this vulnerability will work.  While having the browser auto fill, and the password is still protected, it can be bypassed by just inspecting element, selecting the password field, and deleting the type="password" field.

VERSION
Chrome Version: [62.0.3202.74] + [stable]
Operating System: [4.10.0-38-generic #42~16.04.1-Ubuntu, Linux Mint]

REPRODUCTION CASE
I do not have a case for this, but I can give steps.
1. Sign into a user that has passwords saved in the browser, or with an extension/application that auto fills.
2. (OPTIONAL) Go to manage passwords in settings and find what sites they have saved, then click on the URLs.
3. If the site is signed in, sign out and if need be refresh the page so it is auto filled.
4. Right click (Ctrl + Shift + I) and Inspect Element.
5. Click the top left button, which is the "Select an element" button.
6. Highlight and click on the password field.
7. Find where the highlighted field shows type="password"
8. Either delete the entire field, or just the password portion.
The password will be displayed without the SHA encryption.