For a very long time, Salesforce sent login username and password through plain text in URL parameters.
To the point you could bookmark that URL and skip the login screen. You’d still have to contend with other login security(2FA and/or IP restrictions) but it was a gaping security hole they fixed relatively recently.
In the comments its not just chrome that is affected.
Its apparently all Chromium browsers.