
Issue 891688


Issue metadata

Status: WontFix
Owner: ----
Closed: Oct 5
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security


Security: Bug in Google Chrome saved passwords

Reported by chiragd...@gmail.com, Oct 3

Issue description

Everyone who has saved their passwords to their Google account gets them synced with Chrome, which is fine, but now all passwords get stored on the device, and anyone accessing my mobile can view all my passwords just by using my device security PIN or fingerprint, without entering or knowing my Google account password. This is one of the biggest security threats, as all of the victim's passwords become accessible, including login details for banks or other important security data, and it's extremely dangerous.
[Attachment: Screenshot_20181003-181629.png]
[Attachment: Screenshot_20181003-181624.png]
I took my mom's Android tablet, on which she had not enabled a device lock (just for her quick use), but she had enabled 2-Step Verification for her Google account, which she uses on her mobile and tablet.
When I opened Chrome >> Settings >> Passwords I was not able to view her passwords because the device didn't have any lock, so I went to Device settings >> Lock screen & security >> Screen lock type >> PIN, after which I was able to view my mom's passwords, which are stored on https://passwords.google.com, in Chrome >> Settings >> Passwords without any authentication from my mom, just by entering the device PIN I had created.
Status: WontFix (was: Unconfirmed)
Hello and thanks for your report.

What you are describing is a physically local attack: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model

It's always a good practice to use strong passwords on devices containing logged in accounts.

As such, there doesn't seem to be a security vulnerability here, so I'm going to close it.
You generally share your device PIN with your friends just to allow them to access basic apps, and then Google allows them to rip into your account passwords with that PIN without your approval. You are not considering this a security vulnerability?
Most of the time, colleagues who always stay with you might have seen your PIN, pattern or password, so the person who disapproved this request doesn't seem to be educated enough about Android and its security, or might be one not knowing how to fix it.
In this generation of developing technology we still don't have 100% accurate hardware and software, and even if we get it, we still have people using Google services on older devices which are not getting the latest Android security patches. I hope you understand it from a wider perspective and try working on it.
I would just ask a few questions:

Why does Google Chrome need to keep passwords available offline on an Android device?

We save passwords on Google to auto-complete them when we log in next time. Do you think that we can log in to any site while we are offline?

I think all passwords that we save on https://passwords.google.com should always stay in the cloud and should be used directly when we request a login, and even if they are stored offline on our device, it should require our Google password, along with 2-Step Verification if enabled, to view any passwords. And I think everyone should use some other password wallet to store their passwords safely if Google doesn't fix this issue in Chrome for Android.
Project Member

Comment 5 by sheriffbot@chromium.org, Jan 12

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot