This is a fallacious belief. While there is not point in obscurity, there is much value in not making it trivially easy to read passwords, as most exploits (especially of chromium) are not full user compromise, but the ability to massage some memory structures and read/write specific interesting bytes.

Additionally, the passwords could be kept encrypted in another process, and decrypted on demand, essentially a password vault. This lets you use techniques like biometric or physical button approval for password use, and reduces the likelihood of a browser memory dump containing passwords.

File audit capabilities in the OS can also be tuned so that only the vault application should be reading the vault file. Make info stealers job difficult.