Security: You can easily steal someone's gmail passwords thru autofill and inspect element
Reported by s...@mystyleplatform.com, Feb 23 2018
Issue description

VULNERABILITY DETAILS
You can inspect element on any gmail login password field, and easily see and recover the password that is supposed to be hidden by the dots/asterisks because you're writing it into an attribute called "data-initial-value" for some crazy reason. This makes it ridiculously easy to work around the obfuscation of the password characters and works around your security check to recover a saved password from the password manager.

VERSION
Version 63.0.3239.132 (Official Build) (64-bit)
Operating System: Verified on both Win7 and Win10 and Mac OSx

REPRODUCTION CASE
Usually to recover what an autofill password is you have to go to Settings > Manage Passwords > Show Password, and it makes you authenticate thru the OS login popup. However, if you just click into a password field, and then it prompts you to autofill a password for any given account, and then just open the inspector tools and look, there's the saved password in plain text, easy to read, copy and paste, or take home and rob someone's life with.

This is way, way too easily done. With this easy trick anyone can take someone's 10 most important logins complete with password while they're in the bathroom for 30 seconds. Or at least grab their gmail user and password in less than 5 seconds. That's far too easy to exploit. The browser can easily avoid / block this. NO OTHER WEBSITES write your password to the dom in plain text like that. That's beyond silly and careless to be exposing like that and negates your entire security step in saved passwords section.
Mar 22 2018
The following articles explain why browsers do not attempt to protect against what are called "physically local" attacks:
https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model
https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#What-about-unmasking-of-passwords-with-the-developer-tools
https://textslashplain.com/2017/10/16/stealing-your-own-password-is-not-a-vulnerability/
Comment 1 by elawrence@chromium.org, Feb 23 2018
Mergedinto: 126398
Status: Duplicate (was: Unconfirmed)
Summary: Security: You can easily steal someone's gmail passwords thru autofill and inspect element (was: Security: You can easily steal someone's gmail passwords (probably all of their saved passwords) thru autofill and inspect element to see them in plain text far too easily.)