Security: Plaintext Password Exfiltration from Chrome Password Manager
Reported by jakenhol...@gmail.com, Sep 19
Issue description

VULNERABILITY DETAILS
Auto-fill settings for the Chrome built-in Google password manager make it trivial to very quickly and easily expose the user password for later exploitation. Anyone with access to the host machine for 5-10 seconds can exfiltrate a plaintext Google account password. This seems to be a serious logical flaw in the login page functionality of Google sign in. In a workplace, for example, a disgruntled colleague or administrator would have easy access to performing this attack and many other possible scenarios. Solution would likely require detection of auto-filled vs manually filled passwords.

VERSION
Chrome Version: 69.0.3497.81 (Official Build) beta (64-bit)
Operating System: Windows 10 Pro

REPRODUCTION CASE
Pre-condition: Have a Google account saved within the victim browser using the Chrome default password manager and have momentary access to the victim's machine.
1. (If victim is already logged in to Google) Log out of Google account.
2. Access any Google account sign in page.
3. Allow the password manager to auto-fill the username and then password.
4. Click the "Show Password" option.
5. The account password is now visible in plaintext in the browser. A malicious actor can quickly and easily take a photo for later use.
6. Continue sign in flow so the user is now logged back in (If they were to begin with).
Comment 1 by mbarbe...@chromium.org, Sep 19
Status: WontFix (was: Unconfirmed)