
Issue 816452

Starred by 4 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, iOS, Chrome, Mac, Fuchsia
Pri: 2
Type: Feature




Integrate password database with Pwned Passwords service

Reported by darthwa...@gmail.com, Feb 26 2018

Issue description

VULNERABILITY DETAILS
Chrome should integrate with the web service [Pwned Passwords](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/) to alert users if their passwords have been leaked.

Password reuse is likely one of the most common security issues on the web today, but most users aren't going to check all their passwords against a 30GB password dump, or rotate passwords on a fixed schedule. Reusing your Gmail password for an HTTP-only website is a human issue, but one that could be fixed by your browser.

1Password recently released a [beta feature](https://blog.agilebits.com/2018/02/22/finding-pwned-passwords-with-1password/) to check your passwords, but this feature is missing from the Chrome password manager.

There are a couple of [existing](https://chrome.google.com/webstore/detail/have-i-been-pwned/fpgljciihecejjlildfcakfcmnachahp) [extensions](https://chrome.google.com/webstore/detail/have-i-been-pwned-passwor/dpmoieaemfopchamfhnhjfoddhheeflf) that offer this feature, but this feature should be included in the native browser to ensure user security. Optionally, Google could proxy/host the pwned web service to ensure user security.

VERSION
Chrome Version: 64.0.3282.167 (Official Build) (64-bit)
Operating System: Windows 10 Home 1709 16299.248

REPRODUCTION CASE
1) Change your webmail password to something obviously pwned, i.e. "passw0rd"
2) Sign in to your webmail account
Actual: Chrome doesn't warn you
Expected: Chrome warns you that your password has been leaked, and that you need to change it immediately
(Additionally, Chrome should probably check old passwords occasionally, because sites like Facebook don't require you to reauthenticate.)

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
N/A
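
One way a password manager could run the check requested above without sending a password or its full hash to the service, as an added example that is not part of the original report or of Chrome's code. It relies on the Pwned Passwords range lookup, where the client sends only the first five hex characters of the SHA-1 digest and matches the returned `SUFFIX:COUNT` lines locally; `audit`, `fetch_range`, the stubbed HTTP call and all sample values are assumptions constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client


def split_digest(password):
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines of a range response, skipping malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def audit(saved, fetch_range):
    """Map each saved site to its breach count (0 means not found).

    fetch_range(prefix) returns the response body for that prefix; the
    suffix comparison happens locally, so the service never sees it.
    """
    cache, result = {}, {}
    for site, password in saved.items():
        prefix, suffix = split_digest(password)
        if prefix not in cache:  # one request per distinct prefix
            cache[prefix] = parse_range_body(fetch_range(prefix))
        result[site] = cache[prefix].get(suffix, 0)
    return result


def fake_fetch_range(prefix):
    """Hypothetical stand-in for the HTTP call; the body is constructed."""
    lines = ["0" * 35 + ":3"]  # constructed filler entry
    leaked_prefix, leaked_suffix = split_digest("passw0rd")
    if prefix == leaked_prefix:
        lines.append(leaked_suffix + ":12345")  # constructed count
    return "\r\n".join(lines)


# Constructed sample of saved credentials (site -> password).
SAVED = {"webmail.example": "passw0rd", "bank.example": "Tr4ctor-lamp-89-quill"}
if __name__ == "__main__":
    print(audit(SAVED, fake_fetch_range))
```

A count above zero is the signal on which the browser would show the "change this password" warning described in the reproduction case.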
 
Components: UI>Browser>Passwords
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam OS-Android OS-Chrome OS-Fuchsia OS-iOS OS-Linux OS-Mac OS-Windows Type-Feature
Summary: Integrate password database with Pwned Passwords service (was: Security: [Feature Request] Integratie password database with Pwned Passwords)
Status: Available (was: Unconfirmed)
The feature request makes sense.
Labels: Pri-2
Setting defect without priority to Pri-2.
