A known browser vulnerability exploits the default browser Password manager that abused by third-party scripts and exfiltrate the hidden user identities.
An attacker can be successfully gaining the information by tracking script that inserts an invisible login form in the user visiting website that is automatically filled by browser login manager.
Source: GBHackers