it would have the password manager insert the password into some element on the page, and then probably send that password off to some site for exfill, but it wouldn't show you it's doing any of this

the image attached to this issues actually shows an example, using an alert to show you the JS had access to your PW https://bugs.chromium.org/p/project-zero/issues/detail?id=14...